I'm thinking about how to secure SOAP messages. At first everyone thinks, "Aha! just transport it using SSL" but as this WebService Security presentation notes "SOAP messages are intended to be passed through chained WebServices". This leads to the need for signing and encryption
Some proposals have been developed:
This W3C document specifies the syntax and processing rules of a SOAP header entry to carry digital signature information within a SOAP 1.1 Envelope.
Posted by stuartcw at April 9, 2003 01:40 PM