Signed SOAP Messages


Introduction

This page gives a brief overview of the concept of digitally signing SOAP messages.

Purpose

Digital signatures, based on public-private key pairs, provide a means for:

  • authentication of the message sender (proving that the sender is who they claim to be);
  • authorization (certifying that the sender has the proper clearances to perform the intended queries or methods);
  • verifying the integrity of the signed data, by means of hashes;
  • encryption, if needed.

SOAP Digital Signature Extension - SOAP-DSIG

The Digital Signature Extension (SOAP-DSIG) specifies an XML document structure that carries the original signed message together with the digital signature data. This XML structure holds the algorithm identifiers, the public key, the message digest, and the digital certificate.

Examples of Digitally Signed SOAP Message

Example 1

Extracted from http://publib.boulder.ibm.com/infocenter/cicsts/v3r1/index.jsp?topic=/com.ibm.cics.ts31.doc/dfhws/wsSecurity/dfhws_soapmsg_signed.htm.

The header contains elements such as ds:DigestValue, which holds the message digest computed with the algorithm named in ds:DigestMethod (in this case, sha1). The ds:Reference URI identifies the content that was signed. The element ds:SignatureValue contains the digital signature itself, and wsse:BinarySecurityToken carries the X.509 certificate, including the public key, encoded as base64Binary.

Example 2

Extracted from http://searchsoa.techtarget.com/news/article/0,289142,sid26_gci872858,00.html.

Below is an example of an RPC-style SOAP message, not yet signed. It invokes the method testMethod; the SOAP service is located at http://localhost:8080/LogTestService.

The same document is now signed using an X.509 certificate and public key. Note the element ds:DigestValue, which holds the digest of the original message above. The element ds:SignatureValue carries the digital signature of the digest, and ds:KeyInfo presents the X.509 certificate and public key. The server must use these data to verify the signature.
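The following Go program is an added example that is not taken from this page or from the IBM and TechTarget articles it cites. It builds the structure described above for both examples: a ds:Reference with URI="#Body" whose ds:DigestValue is the digest of the SOAP Body, a ds:SignedInfo that is signed to produce ds:SignatureValue, and a ds:KeyInfo carrying the key the receiver uses to verify. It then performs the two checks the server must make: recompute the Body digest and compare it to ds:DigestValue, and verify ds:SignatureValue over ds:SignedInfo. Assumptions: SHA-256 and RSA-SHA256 are used instead of the sha1 of the IBM example; the raw element text is digested rather than its canonicalized (C14N) form; ds:KeyInfo holds only a base64 SubjectPublicKeyInfo rather than a full X.509 certificate; the service namespace urn:example:LogTestService and the wsu:Id value are placeholders; and the element extraction is done with regular expressions because the layout is fixed by this program.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// XML-DSIG algorithm identifiers (RFC 6931). The page's IBM example uses sha1;
// this example substitutes SHA-256.
const (
	digestAlg    = "http://www.w3.org/2001/04/xmlenc#sha256"
	signatureAlg = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
)

// SampleBody is a constructed RPC-style call to testMethod; the namespace is a placeholder.
const SampleBody = `<soap:Body wsu:Id="Body"><m:testMethod xmlns:m="urn:example:LogTestService"/></soap:Body>`

func b64(b []byte) string { return base64.StdEncoding.EncodeToString(b) }

// signedInfo builds ds:SignedInfo: the signature algorithm plus one ds:Reference
// pointing at the Body (URI="#Body") with its digest algorithm and digest value.
func signedInfo(digestB64 string) string {
	return `<ds:SignedInfo><ds:SignatureMethod Algorithm="` + signatureAlg + `"/>` +
		`<ds:Reference URI="#Body"><ds:DigestMethod Algorithm="` + digestAlg + `"/>` +
		`<ds:DigestValue>` + digestB64 + `</ds:DigestValue></ds:Reference></ds:SignedInfo>`
}

// Sign digests the Body, records the digest in ds:SignedInfo, signs SignedInfo with
// RSA-SHA256 and assembles the envelope. Simplification: the raw element text is digested
// instead of its canonicalized (C14N) form, so the receiver must see the identical bytes.
func Sign(priv *rsa.PrivateKey, body string) (string, error) {
	bodyDigest := sha256.Sum256([]byte(body))
	si := signedInfo(b64(bodyDigest[:]))
	siDigest := sha256.Sum256([]byte(si))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, siDigest[:])
	pub, perr := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil || perr != nil {
		return "", errors.New("could not sign SignedInfo or encode the public key")
	}
	// A real message carries an X.509 certificate in wsse:BinarySecurityToken or
	// ds:KeyInfo; here ds:KeyInfo holds only the base64 SubjectPublicKeyInfo.
	return `<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"` +
		` xmlns:ds="http://www.w3.org/2000/09/xmldsig#"` +
		` xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">` +
		`<soap:Header><ds:Signature>` + si +
		`<ds:SignatureValue>` + b64(sig) + `</ds:SignatureValue>` +
		`<ds:KeyInfo>` + b64(pub) + `</ds:KeyInfo></ds:Signature></soap:Header>` +
		body + `</soap:Envelope>`, nil
}

var (
	reSignedInfo = regexp.MustCompile(`<ds:SignedInfo>.*?</ds:SignedInfo>`)
	reSigValue   = regexp.MustCompile(`<ds:SignatureValue>(.*?)</ds:SignatureValue>`)
	reKeyInfo    = regexp.MustCompile(`<ds:KeyInfo>(.*?)</ds:KeyInfo>`)
	reDigest     = regexp.MustCompile(`<ds:DigestValue>(.*?)</ds:DigestValue>`)
	reBody       = regexp.MustCompile(`<soap:Body wsu:Id="Body">.*?</soap:Body>`)
)

// Verify performs the receiver's two checks: the Body's digest equals ds:DigestValue, and
// ds:SignatureValue is a valid RSA-SHA256 signature over ds:SignedInfo under the key in
// ds:KeyInfo. Regexp extraction works only because the layout is fixed by Sign above.
func Verify(envelope string) error {
	si, body := reSignedInfo.FindString(envelope), reBody.FindString(envelope)
	sigM, keyM := reSigValue.FindStringSubmatch(envelope), reKeyInfo.FindStringSubmatch(envelope)
	digM := reDigest.FindStringSubmatch(si)
	if si == "" || body == "" || sigM == nil || keyM == nil || digM == nil {
		return errors.New("envelope is missing a signature component")
	}
	// Check 1: integrity of the referenced content.
	if got := sha256.Sum256([]byte(body)); b64(got[:]) != digM[1] {
		return errors.New("digest mismatch: Body differs from what was signed")
	}
	// Check 2: authenticity of SignedInfo, and hence of the digest it carries.
	sig, err1 := base64.StdEncoding.DecodeString(sigM[1])
	keyDER, err2 := base64.StdEncoding.DecodeString(keyM[1])
	if err1 != nil || err2 != nil {
		return errors.New("SignatureValue or KeyInfo is not valid base64")
	}
	k, err := x509.ParsePKIXPublicKey(keyDER)
	pub, ok := k.(*rsa.PublicKey)
	if err != nil || !ok {
		return errors.New("KeyInfo does not hold a parseable RSA key")
	}
	siDigest := sha256.Sum256([]byte(si))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, siDigest[:], sig) != nil {
		return errors.New("SignatureValue does not verify over SignedInfo")
	}
	return nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, _ := Sign(priv, SampleBody)
	fmt.Println("untouched message:", Verify(env))
	fmt.Println("altered Body:", Verify(strings.Replace(env, "testMethod", "otherMethod", 1)))
}
```

Two points the program makes visible: the digest check alone only proves that the Body matches ds:DigestValue, and the signature check alone only proves that ds:SignedInfo was produced by the holder of the key in ds:KeyInfo; integrity of the call requires both. Verifying against a key carried in the message proves consistency, not trust: a production receiver must additionally validate that the certificate chains to a trusted CA and that the element referenced by ds:Reference URI is the same Body it goes on to dispatch.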
