my 2 cents, whatever is in the soap body is destined for the application that consumes/needs the soap request/response. the header is a location where intermediate nodes or the soap engine(s) at the end can add custom information independent of the application that sends/receives the soap request/response.
-- dims On 3/14/06, IL GON KIM <[EMAIL PROTECTED]> wrote: > I am studying on WS-Security and have a question about it. > As far as I understand it, WS-Security defines security elements in > header part of the SOAP messages, by combining WS-Signature and > WS-Encryption standards. > > I think it is possible to define security elements in body part of the > SOAP message, not in header part. > In my opinon, there would be a reason why security elment is described > in header part in WS-Security. > > If there is anyone who knows this reason or trade-off between two > approaches, please give me your opinion. > > > Regards > Il-Gon Kim > > -- Davanum Srinivas : http://wso2.com/blogs/
