Using XML Signature and Encryption with WSS
This section describes XML Signature and XML Encryption specifications developed by W3C, which are used with WS-Security (WSS) to provide SOAP message integrity and confidentiality.
Using only WS-Security 1.1.1 standard and security token profile specifications presented in the previous section
can help us to pass security information in the SOAP header to authenticate the web service sender.
If we want to enhance to SOAP messaging to provide message integrity and confidentiality by
sign and encrypt SOAP messages, we need to two additional specifications developed by W3C:
XML Signature Syntax and Processing (Second Edition) -
Specifies XML digital signature processing rules and syntax.
XML Signatures provide integrity, message authentication, and/or signer authentication services
for data of any type, whether located within the XML that includes the signature or elsewhere.
XML Encryption Syntax and Processing -
Specifies a process for encrypting data and representing the result in XML. The data may be arbitrary data
(including an XML document), an XML element, or XML element content. The result of encrypting data
is an XML Encryption element which contains or references the cipher data.
So in order to achieve Web service security with SOAP messages, we need to learn 3 layers of
specifications to build SOAP request and response XML messages:
The following picture shows an example of SOAP request XML structure showing XML elements and attributes from
all three specification layers:
Last update: 2014.
Table of Contents
About This Book
Introduction to Web Service
Introduction to SOAP (Simple Object Access Protocol)
SOAP Message Structure
SOAP Message Transmission and Processing
SOAP Data Model
SOAP RPC Presentation
SOAP Properties Model
SOAP Message Exchange Patterns
SOAP HTTP Binding
SOAP Perl Implementations
SOAP PHP Implementations
SOAP Java Implementations
Perl SOAP::Lite - SOAP Server-Client Communication Module
Perl Socket Test Program for HTTP and SOAP
Perl SOAP::Lite for GetSpeech SOAP 1.1 Web Service
Perl SOAP::Lite 0.710 for SOAP 1.2 Web Services
Perl SOAP::Lite 0.710 for WSDL
PHP SOAP Extension Client Programs
PHP SOAP Extension Server Programs
Java Socket and HttpURLConnection for SOAP
SAAJ - SOAP with Attachments API for Java
SoapUI - SOAP Web Service Testing Tool
►WS-Security - SOAP Message Security Extension
What Is WS-Security (WSS)?
►Using XML Signature and Encryption with WSS
SOAP Header Element "Security"
What Is WS-Security Username Token Profile?
SoapUI Configuration for Username Token
Generating Username Token with SoapUI
Validating wsse:Password Digest String
Password Digest Validation Program
WS-Security X.509 Certificate Token
Web Services and SOAP Terminology
PDF Printing Version