Such standards described extremely ?¬‚exible operations, in
which different parts of the document could be encrypted or
signed using different algorithms or even different keys. WSSecurity
describes how to apply XML Signature and XML
Encryption to a special kind of XML document, the SOAP message.
Without going into the ?¬?ne details, the peculiar structure
of a SOAP message offers a natural way to apply the model. The
message can be modi?¬?ed according to the intended operation??”
for example, by substituting the body with encrypted data??”
Security was the
?¬?rst advanced
capability added on
top of SOAP, and it
leveraged the work
already done for
XML
146 Hints Toward a Solution
while the SOAP header can carry a description of the cryptographic
transformation that took place. The receiving end of
such a message analyzes the content of a special WS-Security
SOAP header, discovering that the body was encrypted using a
certain algorithm and a certain key; if the receiver owns the
corresponding key, he can now reverse the process and decrypt
the body. The signature case is analogous.
Figure 2-5 illustrates such a SOAP message.
Token
Signature
S
Security Header
Figure 2-5 A SOAP message whose body has been signed via WSSecurity.
Pages:
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253