Problem solve Get help with specific problems with your technologies, process and projects.

Implementing a security aspect in a SOAP message

A SearchWebServices.com member asks one of our experts "How can I implement a security aspect in a SOAP message? Could you provide an example of how to add this to the SOAP header?" Read the response or pose a question of your own.

How can I implement a security aspect in a SOAP message? Could you provide an example of how to add this to the SOAP header?

The OASIS Web Services Security: SOAP Message Security v1.0 specification (more commonly known as WS-Security)...

defines a standard for attaching security information to a SOAP message. It supports XML encryption, XML signatures and various security tokens (Username, X.509, SAML, REL, Kerberos and custom tokens).

Most Web services platforms now provide integrated support for WS-Security, although you will need to upgrade to the latest release of your favorite platform to get it. .NET supports WS-Security via the Web Services Enhancements (WSE) framework. Apache Axis supports WS-Security via WSS4J.

Typically, a security header block is created and processed by a handler. The specific means by which you configure the handler will be dependent on the product in question. In most circumstances, though, the handler and the settings are defined using configuration files rather than code.

WS-I is developing a Basic Security Profile, which provides interoperability guidance. The profile is still in draft stage, though, and is subject to change.

This was last published in October 2005

Dig Deeper on Securing services



Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.