Understanding Web Services Specifications and the WSE (Pro Developer)

S

SAML security initiative, 229

SAP, 230

Secure Sockets Layer (SSL), 108

security. See also security tokens

attachments issues, 5960, 72

coordinated process issues, 189

data access issues, 109

DIME issues, 60, 73

role of tokens, 103

securing policy expressions, 158159

SOAP messages, 4748, 109

transaction issues, 189

transport level, 108

Web services overview, 101138

security context tokens

defined, 203

deriving, 206207

example, 203

requesting from STS, 204206

security contexts

defining, 202

deriving tokens, 206207

obtaining, 202

requesting tokens from an STS, 204206

requesting tokens from WSE-based service, 209215

role of tokens, 203207

Security element

defined, 115

example, 116118

overview, 116118

policy expression example, 158159

security token service (STS)

challenge-response mechanism, 198200

creating with WSE Settings tool, 208209

interoperability issues, 223

requesting tokens, 204206, 209215

role in Web services trust model, 193215

WSE-based service, 208213

security tokens. See also security context tokens

AppliesTo element, 200

attaching binary tokens to SOAP messages, 129131

attaching to SOAP messages, 127131

attaching username tokens to SOAP messages, 127129

cache, 166168

challenging, 198200

defined, 103

delegating, 201

encrypted, 200

encrypting SOAP messages, 135138

forwarding, 201

implementing manager, 131133

interoperability issues, 223

overview, 103

requesting, 195201

role in Web services trust model, 192215

signed, 192, 193, 194

special requests , 200201

specifying cryptographic key properties, 200

WS-Security Profile for XML Tokens, 229

Security.config file, defined, 33

SecurityContextService class, 208

SecurityContextToken element, 203207

SecurityContextToken object, 214

SecurityContextToken WSE class, 207

SecurityHeader policy assertion, 150

SecurityToken policy assertion, 148149

SecurityTokenReference element

defined, 116

example, 121

overview, 121

SecurityTokenService WSE class, 208

Sequence element, 8182

SequenceAcknowledgment element, 8384

serialization, 31

ServiceName element, 78, 165

Signature element

defined, 116

example, 121

overview, 121

SignChallenge element, 198

signing SOAP messages, 133135

SOAP (Simple Object Access Protocol)

adding attachments to messages using WSE, 6668

advanced .NET support, 3738

attaching binary tokens to messages, 129131

attaching to messages, 127131

attaching username tokens to messages, 127129

Base64-coded attachments, 6062

compound structures, 5255

configuring custom message router in WSE, 96

coordination context information in messages, 177178

creating responses using WSE, 40

defined, 2

DIME and, 51, 6473

encrypting messages, 47, 135138

extensibility, 5

handling requests using WSE, 3941

Hello, World example, 3435

how it works, 3941

HTTP as transport, 29, 30, 4345

HTTP protocol bindings, 56

message header elements, 115116, 177178

message security, 4748

message-based nature, 29

MIME encapsulation and, 6364

overview, 1417

reliable messaging standards. See also WS-Addressing specification; WS-ReliableMessaging specification

role in Web services, 28, 29, 30

securing messages via WS-Security specification, 109

sending attachments with messages, 48

setting up listener, 30

signing messages, 133135

TCP/IP as transport, 30, 43

WS-Attachments and, 5173

WSE specifications and, 3839

XML Encryption message examples, 111112

XML Signature message examples, 113115

SOAP Messages with Attachments, 6364

SOAPAction header, 30

SoapContext class, 40, 4345, 95

SoapContext.From property, 43

SoapHeader class, 37

solicit-response messaging, 76

specifications, Web service. See also names of specifications

competitive standards initiatives, 4, 5, 7, 8, 219, 220, 229

foundational standards, 819

goals for standards, 5

in future, 222226

licensing model, 221

overview, 35

proliferation , 219221

role of W3C, 4, 221

standards architecture, 57

WS-* protocols, 8

SpecVersion policy assertion, 147, 151

standards. See specifications, Web service

STS. See security token service (STS)

SubjectName element, 165

SubmitDocument method, 46

Sun Microsystems, 219, 220, 227, 229, 230

SupportsDigitalSignature property, 133

synchronization, need for specification support, 226

System.Web.Services.Protocols namespace, 37