What Is WS-Security X.509 Certificate Token Profile?

This section describes the WS-Security X.509 Certificate Token Profile specification describing the profile (specific mechanisms and procedures) on how the 'BinarySecurityToken' element defined in WS-Security standard can be used to include X.509 certificate as a means of identifying the sender of a SOAP message.

What Is "WS-Security X.509 Certificate Token Profile"? WS-Security X.509 Certificate Token Profile is an OASIS specification that describes the profile (specific mechanisms and procedures) on how the "BinarySecurityToken" element defined in WS-Security standard can be used to include X.509 certificate as a means of identifying the sender of a SOAP message to the receiver.

What Is "X.509 Certificate"? An X.509 Certificate is a binding of a public key and its owner certified by a Certificate Authority (CA). It can be used to authenticate the certificate owner if the CA can be trusted..

Here is a SOAP request message example that contains a wsse:BinarySecurityToken element containing an X.509 certificate.

<soapenv:Envelope 
 xmlns:ser="http://www.herongyang.com/Service/" 
 xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01
    /oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01
    /oasis-200401-wss-wssecurity-utility-1.0.xsd"
 >
<soapenv:Header>

 <wsse:Security>
  <wsse:BinarySecurityToken 
   EncodingType="http://docs.oasis-open.org/wss/2004/01
      /oasis-200401-wss-soap-message-security-1.0#Base64Binary"
   ValueType="http://docs.oasis-open.org/wss/2004/01
      /oasis-200401-wss-x509-token-profile-1.0#X509v3">
MIIDIjCCAt6gAwIBAgIEZjRlNTALBgcqhkjOOAQDBQAwYjELMAkGA1UEBhMCVU4x
EDAOBgNVBAgTB015U3RhdGUxDzANBgNVBAcTBk15Q2l0eTEOMAwGA1UEChMFTXlP
...
C4wxFfMc6tuHul2L9dHHAhUAhIEbBrqBKn9A99IXZtHFvE/uPbw=
  </wsse:BinarySecurityToken>
 </wsse:Security>

</soapenv:Header>
<soapenv:Body>
 <ser:HelloRequest>Hello</ser:HelloRequest>
</soapenv:Body>
</soapenv:Envelope>

Notice that how specification identifiers are used to describe the X.509 certificate format:

The receiver of the above message can follow the "WS-Security X.509 Certificate Token Profile" specification to parse out the X.509 certificate and perform certificate validation to authenticate the sender.

X.509 certificate token also plays an important role in protecting message integrity and confidentiality by applying:

For more information, see the full specification at http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-x509TokenProfile-v1.1.1-os.html.

Last update: 2014.

Table of Contents

 About This Book

 Introduction to Web Service

 Introduction to SOAP (Simple Object Access Protocol)

 SOAP Message Structure

 SOAP Message Transmission and Processing

 SOAP Data Model

 SOAP Encoding

 SOAP RPC Presentation

 SOAP Properties Model

 SOAP Message Exchange Patterns

 SOAP HTTP Binding

 SOAP Perl Implementations

 SOAP PHP Implementations

 SOAP Java Implementations

 Perl SOAP::Lite - SOAP Server-Client Communication Module

 Perl Socket Test Program for HTTP and SOAP

 Perl SOAP::Lite for GetSpeech SOAP 1.1 Web Service

 Perl SOAP::Lite 0.710 for SOAP 1.2 Web Services

 Perl SOAP::Lite 0.710 for WSDL

 PHP SOAP Extension Client Programs

 PHP SOAP Extension Server Programs

 Java Socket and HttpURLConnection for SOAP

 SAAJ - SOAP with Attachments API for Java

 SoapUI - SOAP Web Service Testing Tool

 WS-Security - SOAP Message Security Extension

WS-Security X.509 Certificate Token

What Is WS-Security X.509 Certificate Token Profile?

 What Is XML Signature Syntax and Processing?

 Generating a Self-Signed Certificate with "keytool"

 SoapUI Configuration for Messaging Signing

 Generating Digital Signature with SoapUI

 Validating ds:Signature with X.509 Certificate

 Digital Signature Options Supported in SoapUI

 What Is XML Encryption Syntax and Processing?

 SoapUI Configuration for Messaging Encryption

 "not an RSA key" - Encryption Failed in SoapUI

 Encryption using RSA Public Key with SoapUI

 2-Step Message Encryption - Symmetric and RSA

 Decrypting Encrypted SOAP Message

 Message Encryption Options Supported in SoapUI

 Web Services and SOAP Terminology

 References

 PDF Printing Version