Hi guys, I am trying to understand how the web service security headers in SOAP work.
I can see that there should be a BinarySecurityToken, a Created and Expires datetime, and a Signature portion. My questions are as follows:
- What is the BinarySecurityToken? Is it the entire certificate used for signing stuff in this message, or is it just the public key perhaps?
- What exactly gets signed to create the digital signature tag contents? Is it the text of the other three parts of the security header? Or maybe the whole soap body below?
Any help would be greatly appreciated.