Member Submission - Note

Date: Feb. 6, 2001
Link: http://www.w3.org/TR/SOAP-dsig/
Source Author or Organization: IBM Corporation, Microsoft Corporation

This Note describes processing rules and syntax to extend Simple Object Access Protocol (SOAP) 1.1 (http://www.xml.com/pub/r/214) to allow a message header to carry digital signature information conforming to XML-Signature Core Syntax and Processing Candidate Recommendation.

The SOAP header element defined for this purpose is <SOAP-SEC:Signature>. (SOAP-SEC is an extensible namespace for adding security features to the header that must be used with the URI "http://schemas.xmlsoap.org/soap/security/2000-12".

Additional attributes for use in the header are defined; 'actor' indicates the recipient of a header element, and 'mustUnderstand' indicates whether an enclosed Signature should be validated by the application.

Also defined is a global attribute 'ID' in the SOAP-SEC namespace that may be used for referencing the signed part of the SOAP Envelope to unambiguously identify and reference elements.