• Post Reply Bookmark Topic Watch Topic
  • New Topic

XML Signature - why not Enveloping Signatures for SOAP Messages?  RSS feed

 
Prasad DV
Author
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
While the XML Signature Specifications consider the Enveloping signatures to be reccomended way to sign XML Documents the all illustrations of WS Security Specifications show us Detached Signatures rather than Enveloping Signatures as the way to go about when signing a SOAP Message. Can anyone explain the rationale behind this? I don't think that the WS Sec specs themselves do not reccoment any particular method. Has any one come across an example os a signed SOAP Message where the Enveloped Signature is used?
 
Kyle Brown
author
Ranch Hand
Posts: 3892
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you used an Enveloped Signature then you are not presenting a standard SOAP body. Of course, this is only a problem when you are doing RPC-style SOAP, but it is a problem nonetheless. A detached signature can be contained entirely within a WS-SEC Header, which (since the SOAP spec allows headers to be anything you please) corresponds to the spec, even in the RPC case.
Kyle
 
Prasad DV
Author
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Kyle Brown:
If you used an Enveloped Signature then you are not presenting a standard SOAP body. Of course, this is only a problem when you are doing RPC-style SOAP, but it is a problem nonetheless. A detached signature can be contained entirely within a WS-SEC Header, which (since the SOAP spec allows headers to be anything you please) corresponds to the spec, even in the RPC case.
Kyle

Thanks for the info. You are exactly hitting the nail on its head!
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!