As we mentioned in previous sections, to achieve end-to-end application security (encryption, authorization, and authentication), an exchange of digital credentials is required. Digital credentials come in different forms. The most commonly used credential is a digital certificate that conforms to a standard called X.509. Microsoft has recently announced plans to base its efforts on another type of credential called Kerberos tickets. In either case, these credentials hold information about the Holder, including information about the encryption methods being used and the Holder’s digital signature.

Microsoft and IBM have proposed extending the SOAP 1.1 specification to include a security-specific credentials header, which would standardize the use of multiple types of credentials within a SOAP message. The motivation for the extensions is to give SOAP-based services the ability to sign portions of the SOAP envelope.

To use XML Digital Signatures (or any digital signature) effectively in SOAP messages, you need a standardized way to incorporate them into the message.

To address this need, IBM and Microsoft have proposed a set of SOAP 1.1 header extensions that standardize the use of digital signatures. The goal is to enable SOAP envelopes to contain a digital ...