Ask the Expert

Implementing a security aspect in a SOAP message

How can I implement a security aspect in a SOAP message? Could you provide an example of how to add this to the SOAP header?

    Requires Free Membership to View

The OASIS Web Services Security: SOAP Message Security v1.0 specification (more commonly known as WS-Security) defines a standard for attaching security information to a SOAP message. It supports XML encryption, XML signatures and various security tokens (Username, X.509, SAML, REL, Kerberos and custom tokens).

Most Web services platforms now provide integrated support for WS-Security, although you will need to upgrade to the latest release of your favorite platform to get it. .NET supports WS-Security via the Web Services Enhancements (WSE) framework. Apache Axis supports WS-Security via WSS4J.

Typically, a security header block is created and processed by a handler. The specific means by which you configure the handler will be dependent on the product in question. In most circumstances, though, the handler and the settings are defined using configuration files rather than code.

WS-I is developing a Basic Security Profile, which provides interoperability guidance. The profile is still in draft stage, though, and is subject to change.

This was first published in October 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: