I am studying on WS-Security and have a question about it.
As far as I understand it, WS-Security defines security elements in
header part of the SOAP messages, by combining WS-Signature and
WS-Encryption standards.
I think it is possible to define security elements in body part of the
SOAP message, not in header part.
In my opinon, there would be a reason why security elment is described
in header part in WS-Security.
If there is anyone who knows this reason or trade-off between two
approaches, please give me your opinion.
Regards
Il-Gon Kim
