Using XML Signature and Encryption with WSS

SOAP Web Service Tutorials - Herong's Tutorial Examples

∟WS-Security - SOAP Message Security Extension

∟Using XML Signature and Encryption with WSS

This section describes XML Signature and XML Encryption specifications developed by W3C, which are used with WS-Security (WSS) to provide SOAP message integrity and confidentiality.

Using only WS-Security 1.1.1 standard and security token profile specifications presented in the previous section can help us to pass security information in the SOAP header to authenticate the web service sender.

If we want to enhance to SOAP messaging to provide message integrity and confidentiality by sign and encrypt SOAP messages, we need to two additional specifications developed by W3C:

XML Signature Syntax and Processing (Second Edition) - Specifies XML digital signature processing rules and syntax. XML Signatures provide integrity, message authentication, and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere.
XML Encryption Syntax and Processing - Specifies a process for encrypting data and representing the result in XML. The data may be arbitrary data (including an XML document), an XML element, or XML element content. The result of encrypting data is an XML Encryption element which contains or references the cipher data.

So in order to achieve Web service security with SOAP messages, we need to learn 3 layers of specifications to build SOAP request and response XML messages: