Chapter 8 describes the SOAP protocol framework. The W3C Note [SOAP-Sec] specifies a method for including XML digital signatures in SOAP messages. As you might expect from the generality of the SOAP syntax, the method is also fairly general. Limitations would likely be found in further profiling for specific applications based on SOAP.

The [SOAP-Sec] document accomplishes this goal by providing a SOAP Signature element so that an application can freely include it as a SOAP Header Block. This element has as its content a single XML digital signature and may have the additional attributes of SOAP blocks as well. Also, SOAP defines a global "id" attribute that applications can use in elements to be signed; as a consequence, they can be conveniently cited in XMLDSIG Reference elements. See the following schema definition:

    <schema xmlns="http://www.w3.org/1999/XMLSchema"
            xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"
            targetNamespace="http://schemas.xmlsoap.org/soap/security/2000-12"
            xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
            xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
      <import namespace="http://www.w3.org/2000/09/xmldsig#"/>
      <import namespace="http://schemas.xmlsoap.org/soap/envelope/"/>
      <element name="Signature" final="restriction">
        <complexType>
          <sequence>
            <element ref="ds:Signature" minOccurs="1" maxOccurs="1"/>
          </sequence>
          <attribute name="id" type="ID" use="optional"/>
          <attribute ref="env:actor" use="optional"/>
          <attribute ref="env:mustUnderstand" use="optional"/>
        </complexType>
      </element>
      <attribute name="id" type="ID"/>
    </schema>

11.2.1 Processing Rules

The SOAP application signature profile provides the following rules and recommendations:

11.2.2 SOAP Signature Example

Example 11-3 shows a SOAP Envelope with a signature in it.

Example 11-3 SOAP signature

    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
      <env:Header>
        <SOAP-SEC:Signature
            xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"
            env:actor="http://foo.example/bar"
            env:mustUnderstand="1">
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod
                  Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026"/>
              <ds:SignatureMethod
                  Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
              <ds:Reference URI="#Body">
                <ds:Transforms>
                  <ds:Transform
                      Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026"/>
                </ds:Transforms>
                <ds:DigestMethod
                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=
                </ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>
              rMzv774yMoCLi8kHB23q6rva2hs5Ore
              amqFwcFDg4AaXl0qhoYQGBg==
            </ds:SignatureValue>
          </ds:Signature>
        </SOAP-SEC:Signature>
      </env:Header>
      <env:Body SOAP-SEC:id="Body"
          xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12">
        <m:GetLastTradePrice xmlns:m="http://example.com/trade">
          <m:symbol>EXAMPLE</m:symbol>
        </m:GetLastTradePrice>
      </env:Body>
    </env:Envelope>
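
The following is an added example, not code from the book or from [SOAP-Sec]: a receiver-side check that every ds:Reference in the SOAP-SEC:Signature header block resolves to exactly one element carrying the SOAP-SEC "id" attribute, and that the env:Body about to be processed is one of those elements. It checks reference resolution only, not the digest or signature value; the function names and the sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ENV = "http://schemas.xmlsoap.org/soap/envelope/"
SEC = "http://schemas.xmlsoap.org/soap/security/2000-12"
DS = "http://www.w3.org/2000/09/xmldsig#"
SEC_ID = f"{{{SEC}}}id"  # the global SOAP-SEC "id" attribute from the schema
REF_PATH = (f"{{{ENV}}}Header/{{{SEC}}}Signature/{{{DS}}}Signature/"
            f"{{{DS}}}SignedInfo/{{{DS}}}Reference")

def resolve_references(envelope_xml):
    """Return (root, {URI: element}) for every ds:Reference in the header block."""
    root = ET.fromstring(envelope_xml)
    by_id = {}
    for el in root.iter():  # index every element carrying SOAP-SEC:id
        if SEC_ID in el.attrib:
            by_id.setdefault(el.attrib[SEC_ID], []).append(el)
    resolved = {}
    for ref in root.findall(REF_PATH):
        uri = ref.get("URI", "")
        if len(uri) < 2 or not uri.startswith("#"):
            raise ValueError(f"not a same-document id reference: {uri!r}")
        targets = by_id.get(uri[1:], [])
        if len(targets) != 1:  # dangling or ambiguous id: refuse to guess
            raise ValueError(f"{uri} matches {len(targets)} elements, expected 1")
        resolved[uri] = targets[0]
    return root, resolved

def body_is_signed(envelope_xml):
    """True only if a Reference resolves to the env:Body the application processes."""
    root, resolved = resolve_references(envelope_xml)
    body = root.find(f"{{{ENV}}}Body")
    return body is not None and any(t is body for t in resolved.values())

def sample(body_attr, extra_header=""):
    """Constructed envelope shaped like Example 11-3 (digest and key data omitted)."""
    return f"""<env:Envelope xmlns:env="{ENV}" xmlns:SOAP-SEC="{SEC}" xmlns:ds="{DS}">
 <env:Header>
  <SOAP-SEC:Signature><ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#Body"/>
  </ds:SignedInfo></ds:Signature></SOAP-SEC:Signature>{extra_header}
 </env:Header>
 <env:Body {body_attr}><m:GetLastTradePrice xmlns:m="http://example.com/trade"/></env:Body>
</env:Envelope>"""

OTHER = '<x:Old xmlns:x="urn:example:constructed" SOAP-SEC:id="Body"/>'
GOOD = sample('SOAP-SEC:id="Body"')              # id sits on the Body
MOVED = sample("", OTHER)                        # id sits on another element
DUPLICATE = sample('SOAP-SEC:id="Body"', OTHER)  # id appears twice
```

A valid signature over `#Body` says nothing about the env:Body element unless the reference resolves to that element, which is why `MOVED` is reported as unsigned and `DUPLICATE` is rejected outright.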