Chapter 7 Security
327
(See Simple Object Access Protocol on page 33 for more details about SOAP.)
A SOAP message is composed of three parts:
An envelope
A header that contains meta information
A body that contains the message contents
Figure 7.5 illustrates how security information can be embedded at the
message level. The diagram expands a SOAP header to show the header's security
information contents and artifacts related to the message. It also expands the body
entry to show the particular set of elements being secured.
The client adds to the SOAP message header security information that applies
to that particular message. When the message is received, the Web service end
point, using the security information in the header, applies the appropriate security
mechanisms to the message. For example, the service endpoint might verify the
message signature and check that the message has not been tampered with. It is
possible to add signature and encryption information to the SOAP message head
ers, as well as other information such as security tokens for identity for example,
an X.509 certificate that are bound to the SOAP message content.
S o a p E n v e l o p e
S O A P H e a d e r
H e a d e r E n t r y
some certificate information
...
H e a d e r E n t r y
S O A P B o d y
B o d y E n t r y
gv26bgftjsbv9wqa
B o d y E n t r y
Figure 7.5
Embedding Security at the Message Level
footer
Our web partners:
Inexpensive
Web Hosting
Java Web Hosting
personal webspace
webspace php
linux webhost
html web templates
DreamweaverQuality Web Templates
PSD Web Templates
cheap webhost
j2ee web Hosting
buy webspace
ftp webspace
adult webspace
frontpage WebHosting
webspace hosting
cheap webhost
Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved
aol web hosting