Subject: Using UserNameToken and BinarySecurityToken in the same SOAP message
Colleagues -

The document Web Services Security UsernameToken Profile 1.0, line 261, states: "Token ownership is verified by use of keys...." Is it reasonable to use wsse:UsernameToken to specify the identity of a user and then sign this element using the organization's private key? The organizational certificate would be specified in a BinarySecurityToken. I am thinking of something similar to the following:

<S11:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu="..." xmlns:ds="...">
  <S11:Header>
    <wsse:Security>
      <wsse:UsernameToken wsu:Id="MessageProdcuerID">
        <wsse:Username>Joe User</wsse:Username>
      </wsse:UsernameToken>
      ...
      <wsse:BinarySecurityToken ValueType="...#X509v3"
                                EncodingType="...#Base64Binary"
                                wsu:Id="X509Token">
        MIIEZzCCA9CgAwIBAgIQEmtJZc0rqrKh5i...
      </wsse:BinarySecurityToken>
      ....
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="...." />
          <ds:SignatureMethod Algorithm="...." />
          <ds:Reference URI="#MessageProdcuerID">
            <ds:DigestMethod Algorithm="...." />
            <ds:DigestValue>...</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>xxxxxxxxxx</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#X509Token"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    ...
  </S11:Header>
  ...
</S11:Envelope>

Thanks,
Jahan
------------------------------
Jahan Moreh
Chief Security Architect
310.288.2141
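Added example (not part of the original post): a structural pre-check a receiver could run on an envelope shaped like the one above, confirming that each ds:Reference and the KeyInfo wsse:Reference resolve to exactly one wsu:Id and reporting which elements the signature covers. The namespace URIs (elided as "..." in the post), the Body element and the function names are filled in or constructed here as assumptions; no cryptographic verification is performed.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

# Namespace URIs from WSS 1.0 / XML-DSig; the post elides them, so these are assumptions.
NS = {
    "S11": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample envelope using the post's Ids; token and signature values are omitted.
SAMPLE = """<S11:Envelope xmlns:S11="{S11}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:ds="{ds}">
 <S11:Header><wsse:Security>
  <wsse:UsernameToken wsu:Id="MessageProdcuerID"><wsse:Username>Joe User</wsse:Username></wsse:UsernameToken>
  <wsse:BinarySecurityToken wsu:Id="X509Token">constructed-placeholder</wsse:BinarySecurityToken>
  <ds:Signature>
   <ds:SignedInfo><ds:Reference URI="#MessageProdcuerID"/></ds:SignedInfo>
   <ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#X509Token"/></wsse:SecurityTokenReference></ds:KeyInfo>
  </ds:Signature>
 </wsse:Security></S11:Header>
 <S11:Body wsu:Id="Body"/>
</S11:Envelope>""".format(**NS)

def resolve(root, uri):
    """Return the local name of the single element whose wsu:Id matches a '#id' URI."""
    if not uri.startswith("#") or len(uri) < 2:
        raise ValueError("only same-document references are accepted: %r" % uri)
    hits = [e for e in root.iter() if e.get(WSU_ID) == uri[1:]]
    if len(hits) != 1:  # 0 = dangling reference, >1 = duplicate Id (ambiguous target)
        raise ValueError("%s resolves to %d elements" % (uri, len(hits)))
    return hits[0].tag.rsplit("}", 1)[-1]

def signature_coverage(xml_text):
    """Report which elements the header signature references and which token keys it."""
    root = ET.fromstring(xml_text)
    sig = root.find("S11:Header/wsse:Security/ds:Signature", NS)
    if sig is None:
        raise ValueError("no ds:Signature in wsse:Security")
    signed = [resolve(root, r.get("URI", ""))
              for r in sig.findall("ds:SignedInfo/ds:Reference", NS)]
    key_ref = sig.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    if key_ref is None:
        raise ValueError("KeyInfo has no wsse:Reference to a security token")
    key_token = resolve(root, key_ref.get("URI", ""))
    # body_signed shows whether the signature binds the token to this message's payload.
    return {"signed": signed, "key_token": key_token, "body_signed": "Body" in signed}
```

On the sample, the result lists only UsernameToken as signed and BinarySecurityToken as the key source, with body_signed false, so a receiver can see that this signature alone does not tie the asserted username to the message body.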