Hi All,
Hope this is the correct group to point my question to. Our consumer will be
calling us with Signed SOAP header for Non repudiation and we have a
intermediate router assembles a new soap message again by taking the soap
header and soap body. My question is If we alter the soap body of a digitally
signed message is it still considered as a valid signed message ? If I do sign
only , How does the message integrity is maintained ?
Implementaiton details :
axis2 rampart
using rampart sample2 policy file
http://ws.apache.org/rampart/samples/policy/sample02.xml
Sample 02
Sign only, An AsymmetricBinding is used. Entire headers and body to be signed.
Algorithm suite is TripleDesRsa15.
Thanks,
PM