Q

Implementing a security aspect in a SOAP message

A SearchWebServices.com member asks one of our experts "How can I implement a security aspect in a SOAP message? Could you provide an example of how to add this to the SOAP header?" Read the response or pose a question of your own.

How can I implement a security aspect in a SOAP message? Could you provide an example of how to add this to the SOAP header?

The OASIS Web Services Security: SOAP Message Security v1.0 specification (more commonly known as WS-Security) defines a standard for attaching security information to a SOAP message. It supports XML encryption, XML signatures and various security tokens (Username, X.509, SAML, REL, Kerberos and custom tokens).

Most Web services platforms now provide integrated support for WS-Security, although you will need to upgrade to the latest release of your favorite platform to get it. .NET supports WS-Security via the Web Services Enhancements (WSE) framework. Apache Axis supports WS-Security via WSS4J.

Typically, a security header block is created and processed by a handler. The specific means by which you configure the handler will be dependent on the product in question. In most circumstances, though, the handler and the settings are defined using configuration files rather than code.

WS-I is developing a Basic Security Profile, which provides interoperability guidance. The profile is still in draft stage, though, and is subject to change.

This was first published in October 2005

Dig deeper on WS-Security (Web services security standards)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSoftwareQuality

SearchCloudApplications

SearchAWS

TheServerSide

SearchWinDevelopment

Close