The W3C has acknowledged the submission of a note describing how an XML Signature may be included within a SOAP envelope header.

The note, a joint submission from IBM and Microsoft, describes a standard way to use a XML Signature as defined by the current XML Signature Candidate Recommendation to sign SOAP 1.1 messages.

The proposal includes the signature as a new element from a specific namespace within the SOAP envelope header to authentify the message body. Although this might seem very straightforward, the W3C team comments have highlighted two innovative points that might be generalized:

• The addition of "actor" and "mustUnderstand" attributes to specify if the processing of the signature is mandatory.
• The signature uses an XPointer "bare name" reference to the body part of the SOAP message (<ds:Reference URI="#Body">) and the match is made by an ID type attribute to the message body (<SOAP-ENV:Body ... SOAP-SEC:id="Body">).

The submission includes declarations from IBM and Microsoft promising -- in the event that the proposal becomes a W3C standard -- to grant:

• ... upon written request, a non-exclusive license under such patents on reasonable and non-discriminatory terms. (IBM)
• ... to any a license on reasonable and non-discriminatory terms under applicable Microsoft intellectual property rights essential to implement and use the technology proposed in this contribution in products that comply with the Standard but only for the purpose of complying with the Standard. (Microsoft)

Related stories:

• SOAP security discussion
• SOAP vs ebXML discussions, SOAP Attachments released
• Jon Bosak on SOAP and ebXML at XML 2000
• New patent threat for W3C specifications