954,561 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
Ad: Download FREE Active Directory Management Software from Spiceworks
2 Years Ago
0

Web Service Security headers in SOAP, simple query

Hi guys, I am trying to understand how the web service security headers in SOAP work.

I can see that there should be a BinarySecurityToken, a Created and Expires datetime, and a Signature portion. My questions are as follows:
- What is the BinarySecurityToken? Is it the entire certificate used for signing stuff in this message, or is it just the public key perhaps?
- What exactly gets signed to create the digital signature tag contents? Is it the text of the other three parts of the security header? Or maybe the whole soap body below?

Any help would be greatly appreciated.

Cheers,

Cameron

shug94
Newbie Poster
1 post since Sep 2009
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0

> What is the BinarySecurityToken? Is it the entire certificate used for

signing stuff in this message, or is it just the public key perhaps?
the entire certificate including the public key. Of course not including the private key.

> What exactly gets signed to create the digital signature tag contents? Is it the text of the other three parts of the security header? Or maybe the whole soap body below?

It is up to the decision of the service writer. He can decide that all of what you mentioned is required to be signed or none of it.

yaronn01
Newbie Poster
3 posts since Nov 2008
Reputation Points: 10
Solved Threads: 1
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
View similar articles that have also been tagged:
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed