The W3C has acknowledged
the submission of a note describing how an XML Signature
may be included within a SOAP envelope header.
The note, a joint submission from IBM and Microsoft, describes a standard way to use an XML Signature as
defined by the current XML Signature Candidate Recommendation to sign SOAP 1.1 messages.
The proposal includes the signature as a new element from a specific namespace within
the SOAP envelope header to authenticate the message body. Although this might seem very straightforward, the W3C team comments have highlighted
two innovative points that might be generalized:
- The addition of "actor" and "mustUnderstand" attributes to specify if the processing of the signature is mandatory.
- The signature uses an XPointer "bare name" reference to the body part of the SOAP message (<ds:Reference URI="#Body">) and the match is made by an ID type attribute to the message body (<SOAP-ENV:Body ... SOAP-SEC:id="Body">).
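
The reference matching described in the second point, as an added example that is not taken from the note or from this article: it resolves the bare-name `URI="#Body"` against `SOAP-SEC:id` attributes and reports whether the signature covers the SOAP body and whether its processing is mandatory. The sample message, the actor URI and the SOAP-SEC namespace URI are assumptions; digest and signature values are left out, so no cryptographic verification takes place.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Assumption: namespace URI for the SOAP-SEC prefix; the article does not give it.
SOAP_SEC = "http://schemas.xmlsoap.org/soap/security/2000-12"

# Constructed sample message (digest and signature values omitted on purpose).
SAMPLE = f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP_ENV}">
  <SOAP-ENV:Header>
    <SOAP-SEC:Signature xmlns:SOAP-SEC="{SOAP_SEC}"
        SOAP-ENV:actor="urn:example:verifier" SOAP-ENV:mustUnderstand="1">
      <ds:Signature xmlns:ds="{DS}">
        <ds:SignedInfo><ds:Reference URI="#Body"/></ds:SignedInfo>
      </ds:Signature>
    </SOAP-SEC:Signature>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body xmlns:SOAP-SEC="{SOAP_SEC}" SOAP-SEC:id="Body">
    <m:Order xmlns:m="urn:example:orders">42</m:Order>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""

def inspect_signature(xml_text):
    """Resolve each bare-name reference and report what the signature covers."""
    root = ET.fromstring(xml_text)
    header = root.find(f"{{{SOAP_ENV}}}Header")
    body = root.find(f"{{{SOAP_ENV}}}Body")
    entry = header.find(f"{{{SOAP_SEC}}}Signature") if header is not None else None
    if entry is None:
        raise ValueError("no SOAP-SEC:Signature header entry")
    # Index ID-type attributes; a duplicate makes "#name" ambiguous, so reject it.
    ids = {}
    for el in root.iter():
        name = el.get(f"{{{SOAP_SEC}}}id")
        if name is not None:
            if name in ids:
                raise ValueError(f"duplicate id {name!r}")
            ids[name] = el
    covered = []
    for ref in entry.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        if not uri.startswith("#") or uri[1:] not in ids:
            raise ValueError(f"unresolvable reference {uri!r}")
        covered.append(ids[uri[1:]])
    return {
        "must_understand": entry.get(f"{{{SOAP_ENV}}}mustUnderstand") == "1",
        "actor": entry.get(f"{{{SOAP_ENV}}}actor"),
        "body_covered": body is not None and any(el is body for el in covered),
    }
```
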
The submission includes declarations from IBM and Microsoft promising -- in the event that the
proposal becomes a W3C standard -- to grant:
- ... upon written request, a non-exclusive license under such patents on reasonable and non-discriminatory terms. (IBM)
- ... to any a license on reasonable and non-discriminatory terms under applicable Microsoft intellectual
property rights essential to implement and use the technology proposed in this contribution in products that comply with the Standard but only for the purpose of complying with the Standard. (Microsoft)