Hi guys, I am trying to understand how the web service security headers in SOAP work.

I can see that there should be a BinarySecurityToken, a Created and Expires datetime, and a Signature portion. My questions are as follows:
- What is the BinarySecurityToken? Is it the entire certificate used for signing stuff in this message, or is it just the public key perhaps?
- What exactly gets signed to create the digital signature tag contents? Is it the text of the other three parts of the security header? Or maybe the whole soap body below?

Any help would be greatly appreciated.

Cheers,

Cameron

> What is the BinarySecurityToken? Is it the entire certificate used for signing stuff in this message, or is it just the public key perhaps?

The entire certificate including the public key. Of course not including the private key.

> What exactly gets signed to create the digital signature tag contents? Is it the text of the other three parts of the security header? Or maybe the whole soap body below?

It is up to the decision of the service writer. He can decide that all of what you mentioned is required to be signed or none of it.
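
The following is an added example, not from either poster: it reads a WS-Security header and reports which of the parts asked about (token, timestamp, body) are referenced by the signature's `ds:Reference` entries. The sample envelope, its `wsu:Id` values and the function name `signed_coverage` are constructed for illustration; the check inspects declared coverage only and does not verify the signature itself.

```python
import xml.etree.ElementTree as ET  # prefer defusedxml for untrusted input

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/", "wsse": WSSE,
      "wsu": WSU, "ds": "http://www.w3.org/2000/09/xmldsig#"}
WSU_ID = "{%s}Id" % WSU

# Constructed sample: token and digest values are placeholders, not real data.
# Only the Timestamp is referenced by the signature; the Body is not.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{WSSE}"
    xmlns:wsu="{WSU}" xmlns:ds="{NS['ds']}">
 <soap:Header><wsse:Security>
  <wsse:BinarySecurityToken wsu:Id="X509-1">PLACEHOLDER_BASE64_CERTIFICATE</wsse:BinarySecurityToken>
  <wsu:Timestamp wsu:Id="TS-1">
   <wsu:Created>2024-01-01T00:00:00Z</wsu:Created>
   <wsu:Expires>2024-01-01T00:05:00Z</wsu:Expires>
  </wsu:Timestamp>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#TS-1"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
  </ds:SignedInfo></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="Body-1"><Transfer><Amount>100</Amount></Transfer></soap:Body>
</soap:Envelope>"""


def signed_coverage(xml_text):
    """Report which message parts the ds:Signature references (no crypto check)."""
    root = ET.fromstring(xml_text)
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        raise ValueError("no wsse:Security header")
    # Same-document references have the form URI="#<wsu:Id>".
    refs = {r.get("URI", "")[1:]
            for r in sec.iterfind("ds:Signature/ds:SignedInfo/ds:Reference", NS)
            if r.get("URI", "").startswith("#")}
    # An Id used by more than one element is ambiguous, so it never counts.
    ids = [e.get(WSU_ID) for e in root.iter() if e.get(WSU_ID)]
    unique = {i for i in ids if ids.count(i) == 1}
    parts = {"BinarySecurityToken": sec.find("wsse:BinarySecurityToken", NS),
             "Timestamp": sec.find("wsu:Timestamp", NS),
             "Body": root.find("soap:Body", NS)}
    return {name: el is not None and el.get(WSU_ID) in (refs & unique)
            for name, el in parts.items()}


if __name__ == "__main__":
    for part, covered in signed_coverage(SAMPLE).items():
        print(f"{part:20} {'signed' if covered else 'NOT signed'}")
```

A receiver that requires a signed body would reject the sample message, since only the timestamp is covered.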
