wss-dev message



Subject: Using UserNameToken and BinarySecurityToken in the same SOAP message



Colleagues -
The document "Web Services Security: UsernameToken Profile 1.0", line 261,
states:

"Token ownership is verified by use of keys...."

Is it reasonable to use wsse:UsernameToken to specify the identity of a user
and then sign this element using the organization's private key? The
organizational certificate would be specified in a BinarySecurityToken. I am
thinking of something similar to the following:

<S11:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu="..." xmlns:ds="...">
 <S11:Header>
  <wsse:Security>
   <!-- the user's identity; wsu:Id lets the signature below point at it -->
   <wsse:UsernameToken wsu:Id="MessageProducerID">
    <wsse:Username>Joe User</wsse:Username>
   </wsse:UsernameToken>
   ...

   <!-- the organization's X.509 certificate, carried in the same header -->
   <wsse:BinarySecurityToken ValueType="...#X509v3"
      EncodingType="...#Base64Binary" wsu:Id="X509Token">
      MIIEZzCCA9CgAwIBAgIQEmtJZc0rqrKh5i...
   </wsse:BinarySecurityToken>
   ...
   <!-- signature over the UsernameToken, made with the organization's key -->
   <ds:Signature>
    <ds:SignedInfo>
     <ds:CanonicalizationMethod Algorithm="..."/>
     <ds:SignatureMethod Algorithm="..."/>
     <ds:Reference URI="#MessageProducerID">
      <ds:DigestMethod Algorithm="..."/>
      <ds:DigestValue>...</ds:DigestValue>
     </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>xxxxxxxxxx</ds:SignatureValue>
    <ds:KeyInfo>
     <wsse:SecurityTokenReference>
      <wsse:Reference URI="#X509Token"/>
     </wsse:SecurityTokenReference>
    </ds:KeyInfo>
   </ds:Signature>
  </wsse:Security>
  ...
 </S11:Header>
 ...
</S11:Envelope>

Thanks,
Jahan

------------------------------
Jahan Moreh
Chief Security Architect
310.288.2141
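Added example (not part of the original message or of any OASIS deliverable): the receiver-side checks that make the pattern sketched above meaningful, written in Python with only the standard library. It assumes the published WS-Security 1.0 and XML-DSig namespace URIs in place of the "..." placeholders, and a constructed envelope whose digest and signature values are dummies. It does not verify ds:SignatureValue itself (that needs an XML-DSig library and the canonicalization named in SignedInfo); it checks the reference plumbing that has to hold before that step means anything: that wsu:Id values are unique, that the ds:Reference resolves to the very UsernameToken the application will trust, and that ds:KeyInfo points at an X509v3 BinarySecurityToken sitting in the same wsse:Security header.

```python
import xml.etree.ElementTree as ET

# Published WS-Security 1.0 / XML-DSig namespace URIs, standing in for the
# "..." placeholders in the message.
NS = {
    "S11": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
B64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
WSU_ID = "{%s}Id" % NS["wsu"]
BST_TAG = "{%s}BinarySecurityToken" % NS["wsse"]


def index_ids(root):
    """Map every wsu:Id to its element; a repeated Id makes any ds:Reference
    to it ambiguous, so refuse the document outright."""
    ids = {}
    for el in root.iter():
        ident = el.get(WSU_ID)
        if ident is None:
            continue
        if ident in ids:
            raise ValueError("duplicate wsu:Id %r" % ident)
        ids[ident] = el
    return ids


def ids_are_unique(xml_text):
    """True when no wsu:Id occurs twice anywhere in the document."""
    try:
        index_ids(ET.fromstring(xml_text))
        return True
    except ValueError:
        return False


def _resolve(ids, uri):
    """Resolve a same-document '#Id' URI; other reference forms are not handled."""
    if uri and uri.startswith("#"):
        return ids.get(uri[1:])
    return None


def check_binding(xml_text):
    """Report what the signature binds. ok is True only when the UsernameToken
    at its expected position is among the signed references and ds:KeyInfo
    names an X509v3 BinarySecurityToken that is a direct child of the same
    wsse:Security header."""
    root = ET.fromstring(xml_text)
    security = root.find("S11:Header/wsse:Security", NS)
    if security is None:
        return {"ok": False, "reason": "no wsse:Security header"}
    ids = index_ids(root)

    # Find the token the application will trust by position, then ask whether
    # *that* element is signed, not whichever element happens to carry the Id.
    utoken = security.find("wsse:UsernameToken", NS)
    sig = security.find("ds:Signature", NS)
    if utoken is None or sig is None:
        return {"ok": False, "reason": "UsernameToken or Signature missing"}

    signed = [_resolve(ids, ref.get("URI"))
              for ref in sig.findall("ds:SignedInfo/ds:Reference", NS)]
    token_signed = any(el is utoken for el in signed)

    key_ref = sig.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    bst = _resolve(ids, key_ref.get("URI")) if key_ref is not None else None
    bst_ok = (bst is not None and bst.tag == BST_TAG
              and bst.get("ValueType") == X509V3
              and any(child is bst for child in security))

    name = utoken.find("wsse:Username", NS)
    return {"ok": token_signed and bst_ok,
            "username": name.text if name is not None else None,
            "token_signed": token_signed,
            "signing_token_ok": bst_ok}


# Constructed sample modelled on the message's sketch: the certificate is the
# truncated value from the message, the digest and signature values are dummies.
ENVELOPE = """<S11:Envelope xmlns:S11="{S11}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:ds="{ds}">
 <S11:Header>
  <wsse:Security>
   <wsse:UsernameToken wsu:Id="MessageProducerID">
    <wsse:Username>Joe User</wsse:Username>
   </wsse:UsernameToken>
   <wsse:BinarySecurityToken ValueType="{x509}" EncodingType="{b64}" wsu:Id="X509Token">
    MIIEZzCCA9CgAwIBAgIQEmtJZc0rqrKh5i...
   </wsse:BinarySecurityToken>
   <ds:Signature>
    <ds:SignedInfo>
     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
     <ds:Reference URI="#{ref}">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>ZHVtbXktZGlnZXN0</ds:DigestValue>
     </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>ZHVtbXktc2lnbmF0dXJl</ds:SignatureValue>
    <ds:KeyInfo>
     <wsse:SecurityTokenReference>
      <wsse:Reference URI="#X509Token"/>
     </wsse:SecurityTokenReference>
    </ds:KeyInfo>
   </ds:Signature>
  </wsse:Security>
 </S11:Header>
</S11:Envelope>"""


def sample(reference="MessageProducerID"):
    """Build the constructed envelope; `reference` is the Id ds:Reference points at."""
    return ENVELOPE.format(S11=NS["S11"], wsse=NS["wsse"], wsu=NS["wsu"],
                           ds=NS["ds"], x509=X509V3, b64=B64, ref=reference)
```

Running check_binding(sample()) reports the token signed and ok True; check_binding(sample(reference="X509Token")) shows what a verifier must catch: the signature is valid over the certificate token alone, so the UsernameToken is unsigned and ok is False even though the signing token itself checks out. Locating the token by fixed position and comparing identity with the referenced element, together with refusing duplicate wsu:Id values, are the two guards worth keeping even once a full XML-DSig library does the cryptography.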
