--
Chad La Joie
http://itumi.biz
trusted identities, delivered
On 3/25/11 9:08 AM, Frank Mundt wrote:
In addition to what Chad said, I'd point out that, at least as far as I
know, this "spec" (which really isn't a spec, as Chad noted) has
probably been superseded by the WS-Security spec. This one appears to
have been published in Feb 2001. WS-S 1.0 came out in March 2004 and
the latest 1.1 was ratified in Feb 2006. AFAIK, WS-Security is the
defacto standard for signing and encrypting SOAP messages. I'd also
note (since you mention encryption) that this document predates the XML
Encryption spec and therefore doesn't support encryption
(confidentiality) of the SOAP message, which is supported by WS-S .
Unless you are working with some (ancient?) piece of software which
requires use of this "spec" for interop, you might want to consider
looking at using WS-Security instead.
OpenSAML does have full support for the schema defined in WS-S 1.1.
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss