This section describes XML Signature and XML Encryption specifications developed by W3C, which are used with WS-Security (WSS) to provide SOAP message integrity and confidentiality.
Using only the WS-Security 1.1.1 standard and the security token profile specifications presented in the previous section
lets us pass security information in the SOAP header to authenticate the web service sender.
If we want to enhance SOAP messaging to provide message integrity and confidentiality by
signing and encrypting SOAP messages, we need two additional specifications developed by W3C:
XML Signature Syntax and Processing (Second Edition) -
Specifies XML digital signature processing rules and syntax.
XML Signatures provide integrity, message authentication, and/or signer authentication services
for data of any type, whether located within the XML that includes the signature or elsewhere.
XML Encryption Syntax and Processing -
Specifies a process for encrypting data and representing the result in XML. The data may be arbitrary data
(including an XML document), an XML element, or XML element content. The result of encrypting data
is an XML Encryption element which contains or references the cipher data.
So in order to achieve Web service security with SOAP messages, we need to learn 3 layers of
specifications to build SOAP request and response XML messages:
The following picture shows an example SOAP request XML structure, with XML elements and attributes from
all three specification layers:
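As an added example (not the original page's picture and not code from the page), the Python below tags each element of a constructed SOAP request with the specification whose namespace defines it, then checks structurally that the signature's references resolve and point at the Body. The sample message, the Id value `body-1` and the function name `inspect_envelope` are assumptions made for illustration; no signature is verified and nothing is decrypted.

```python
import xml.etree.ElementTree as ET
from collections import Counter

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
WSSE, WSU = WSS + "secext-1.0.xsd", WSS + "utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
SPEC = {SOAP: "SOAP", WSSE: "WS-Security", WSU: "WS-Security",
        DS: "XML Signature", XENC: "XML Encryption"}

# Constructed sample: structure only; algorithm elements, digests and key
# info are left out and the crypto values are placeholders.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}"
    xmlns:wsu="{WSU}" xmlns:ds="{DS}" xmlns:xenc="{XENC}">
  <soap:Header><wsse:Security>
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
  </wsse:Security></soap:Header>
  <soap:Body wsu:Id="body-1">
    <xenc:EncryptedData><xenc:CipherData>
      <xenc:CipherValue>PLACEHOLDER</xenc:CipherValue>
    </xenc:CipherData></xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>"""

def inspect_envelope(xml_text):
    """Structural report only: no signature is verified, nothing is decrypted."""
    root = ET.fromstring(xml_text)
    # Count elements per specification, keyed on each element's namespace URI.
    layers = Counter(SPEC.get(el.tag[1:].partition("}")[0], "other")
                     for el in root.iter())
    # Count wsu:Id values; a duplicated Id makes a "#id" reference ambiguous.
    wsu_id = f"{{{WSU}}}Id"
    ids = Counter(el.get(wsu_id) for el in root.iter() if el.get(wsu_id))
    body = root.find(f"{{{SOAP}}}Body")
    body_id = body.get(wsu_id) if body is not None else None
    refs = [r.get("URI", "") for r in root.iter(f"{{{DS}}}Reference")]
    return {
        "layers": dict(layers),
        "duplicate_ids": sorted(i for i, n in ids.items() if n > 1),
        "dangling_refs": sorted(u for u in refs if u.startswith("#") and u[1:] not in ids),
        "body_referenced": body_id is not None and f"#{body_id}" in refs,
        "body_encrypted": body is not None
                          and body.find(f"{{{XENC}}}EncryptedData") is not None,
    }

if __name__ == "__main__":
    print(inspect_envelope(SAMPLE))
```

For messages from an untrusted sender, parse with a hardened XML parser such as defusedxml rather than the standard-library parser used here.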