Davanum Srinivas wrote:
my 2 cents, whatever is in the soap body is destined for the
application that consumes/needs the soap request/response. the header
is a location where intermediate nodes or the soap engine(s) at the
end can add custom information independent of the application that
sends/receives the soap request/response.
-- dims
Thanks for your good opinion.
I agree with your idea that header where any supplementary information
such as address and id/passwd is generally located .
So, I think this might be one reason why security element is included in
header part of SOAP messages, in WS-Security.
*question 1) * Is there other reasons why WS-Security defines
especially security elments in header part of SOAP message.
As I mentioned in an original e-mail, I believe that security element
defined with XML-Signature and XML-Encryption could be located in
either header part or body part in SOAP messages.
If it is possible, the former approach(using WS-Security) could contain
more information in header and the latter would be reverse.
In web services applications, the flow of message transactions could be
passed to an intended recipient by way of several intemediaries.
In this case, which approach would be better from the viewpoints of
message processing and decryption ?
*question 2)* trade-off between two approaches(from the viewpoints of
implementation or performance) ?
Il-Gon Kim
On 3/14/06, IL GON KIM <[EMAIL PROTECTED]> wrote:
I am studying on WS-Security and have a question about it.
As far as I understand it, WS-Security defines security elements in
header part of the SOAP messages, by combining WS-Signature and
WS-Encryption standards.
I think it is possible to define security elements in body part of the
SOAP message, not in header part.
In my opinon, there would be a reason why security elment is described
in header part in WS-Security.
If there is anyone who knows this reason or trade-off between two
approaches, please give me your opinion.
Regards
Il-Gon Kim
--
Davanum Srinivas : http://wso2.com/blogs/
