The header section contains the WS-Security header, which in
turn contains a security token and the signature element itself. The solid
line and arrowheads highlight the reference to the part of the envelope
that has been signed (in this case, the entire body); the dotted line and
arrowheads show the parts that associate the signature with the token
containing the associated key. The section S, indicated by the curly
bracket, shows the portion of the message that has been signed.
WS-* Web Services Speci?¬?cations: The Rei?¬?cation of the Identity Metasystem 147
WS-Security does not introduce any new cryptographic algorithm,
nor does it de?¬?ne any new source of keys. SOAP is a
trade language, designed for bridging different platforms and
technologies. To effectively support the SOAP mission, WSSecurity
needs to be able to accommodate existing security
technologies and promote interoperability among those. If it
sounds quite similar to what we have seen for the Identity
Metasystem and existing authentication technologies, that??™s because
it is.
WS-Security needs to be able to encrypt and sign SOAP messages
by using the technologies available to its users: X.509,
Kerberos, SAML, username and passwords, plus every present
and future source of cryptographic material are candidates.
Pages:
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254