
	Home > Ask the SOA Experts > SOA governance and standards Questions & Answers > Implementing a security aspect in a SOAP message

Ask The SOA Expert: Questions & Answers

EMAIL THIS

Implementing a security aspect in a SOAP message

EXPERT RESPONSE FROM: Anne Thomas Manes

		Pose a Question

		Other SOA Categories

		Meet all SOA Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 19 October 2005
How can I implement a security aspect in a SOAP message? Could you provide an example of how to add this to the SOAP header?

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	SOA governance and standards
	UDDI clients and UDDI implementations
	Creating an enterprise data dictionary
	Hard vs. live real time systems
	Service contract tools
	Open source UDDI tools
	SOA policy management
	Service reuse rules
	WSDM lagging behind WS-Management
	The status of JBI
	WSDL 1.1 vs. WSDL 2.0

WS-Security (Web services security standards)

The technology of Web Service Security

Web 2.0 at the old ballgame

SOA complicated by ESB proliferation

BPEL4People and WS-HumanTask get reference implementation

Liberty offers Web 2.0 open source security

The case against WS-Security

SOA governance, security concerns drive XACML interop

New BizTalk Services rolling out

Will acquisitions stifle SOA innovation?

Burton: WS-* specs good, but SOA security needs more

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

Web Services Trust Language (SearchSOA.com)

WS-Security (SearchSOA.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

The OASIS Web Services Security: SOAP Message Security v1.0 specification (more commonly known as WS-Security) defines a standard for attaching security information to a SOAP message. It supports XML encryption, XML signatures and various security tokens (Username, X.509, SAML, REL, Kerberos and custom tokens).

Most Web services platforms now provide integrated support for WS-Security, although you will need to upgrade to the latest release of your favorite platform to get it. .NET supports WS-Security via the Web Services Enhancements (WSE) framework. Apache Axis supports WS-Security via WSS4J.

Typically, a security header block is created and processed by a handler. The specific means by which you configure the handler will be dependent on the product in question. In most circumstances, though, the handler and the settings are defined using configuration files rather than code.

WS-I is developing a Basic Security Profile, which provides interoperability guidance. The profile is still in draft stage, though, and is subject to change.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

SOA Governance White Papers - BPM, EDA, IT Governance

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2001 - 2009, TechTarget \| Read our Privacy Policy