数码幽灵's Self-Study Blog

.Net Learning Journey


This specification provides three main mechanisms: security token propagation, message integrity, and message confidentiality.

A typical SOAP message that conforms to the WS-Security standard

The code-insertion feature doesn't seem to work any more.

(001) <?xml version="1.0" encoding="utf-8"?>
(002) <S:Envelope xmlns:S="http://www.w3.org/2001/12/soap-envelope"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
(003)   <S:Header>
(004)     <m:path xmlns:m="http://schemas.xmlsoap.org/rp/">
(005)       <m:action>http://fabrikam123.com/getQuote</m:action>
(006)       <m:to>http://fabrikam123.com/stocks</m:to>
(007)       <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
(008)     </m:path>
(009)     <wsse:Security
              xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
(010)       <wsse:UsernameToken Id="MyID">
(011)         <wsse:Username>Zoe</wsse:Username>
(012)       </wsse:UsernameToken>
(013)       <ds:Signature>
(014)         <ds:SignedInfo>
(015)           <ds:CanonicalizationMethod
                  Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
(016)           <ds:SignatureMethod
                  Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
(017)           <ds:Reference URI="#MsgBody">
(018)             <ds:DigestMethod
                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
(019)             <ds:DigestValue>LyLsF0Pi4wPU...</ds:DigestValue>
(020)           </ds:Reference>
(021)         </ds:SignedInfo>
(022)         <ds:SignatureValue>DJbchm5gK...</ds:SignatureValue>
(023)         <ds:KeyInfo>
(024)           <wsse:SecurityTokenReference>
(025)             <wsse:Reference URI="#MyID"/>
(026)           </wsse:SecurityTokenReference>
(027)         </ds:KeyInfo>
(028)       </ds:Signature>
(029)     </wsse:Security>
(030)   </S:Header>
(031)   <S:Body Id="MsgBody">
(032)     <tru:StockSymbol xmlns:tru="http://fabrikam123.com/payloads">QQQ</tru:StockSymbol>
(033)   </S:Body>
(034) </S:Envelope>

Much of the security machinery lives in the SOAP header!

Lines 9-29 are the Security header defined by the standard; it carries the security information the intended recipient needs.

Lines 10-12 are the security token attached to this message. In this example the client uses a UsernameToken and does not transmit the password in the SOAP message, so we can assume both parties agreed on the authentication password beforehand (it is a shared secret).

Lines 13-28 are the full description of the digital signature, which guarantees the integrity of the signed elements; the signature follows the XML Signature specification. In this example the signature is based on a key generated from the user's password, which is why the SignatureMethod on line 16 is hmac-sha1: a keyed MAC rather than a public-key signature, so the recipient must hold the same shared secret to check it.

Line 15 specifies how to canonicalize (normalize) the data that is being signed.

Lines 17-20 select the elements to be signed; line 17 indicates that the <S:Body> element (URI="#MsgBody", matching Id="MsgBody" on line 31) will be signed, and line 19 carries the digest of that element.

Line 22 specifies the signature value of the canonicalized form of the data that is being signed, as defined in the XML Signature specification (the MAC is computed over the canonicalized <ds:SignedInfo>, which in turn contains the digest of the Body).

Lines 23-27 provide a hint as to where to find the security token associated with this signature; the <wsse:Reference URI="#MyID"/> on line 25 points back at the UsernameToken on line 10.

Lines 31-33 contain the SOAP body that is of actual use to us, the application payload.
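The exchange the annotations above describe, as an added example in Python (not code from the original post or from the WS-Security specification): it builds the same message structure (UsernameToken, hmac-sha1 SignatureMethod, a Reference to #MsgBody, a SecurityTokenReference back to #MyID), signs the Body with a key derived from the shared password, verifies it the way the recipient must (digest of the referenced element first, then the MAC over SignedInfo using the password of the referenced token), and shows that a changed Body, a wrong password and an unknown user all fail. The password, the user database, the StockSymbol body and the password-to-key rule (SHA-1 of the password) are constructed assumptions; the stdlib C14N 2.0 writer stands in for the xml-exc-c14n algorithm the message names, so the digest values differ from the truncated ones on the page.

```python
"""WS-Security sign/verify: UsernameToken + HMAC-SHA1 XML Signature keyed from a shared
password.  Added example, not the page's code.  Assumptions not in the page: the key
derivation (SHA-1 of the UTF-8 password) is a stand-in, and canonicalization uses the
stdlib C14N 2.0 writer with whitespace stripped instead of xml-exc-c14n."""
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

NS_S = "http://www.w3.org/2001/12/soap-envelope"
NS_DS = "http://www.w3.org/2000/09/xmldsig#"
NS_WSSE = "http://schemas.xmlsoap.org/ws/2002/04/secext"
NS_TRU = "http://fabrikam123.com/payloads"
NS = {"S": NS_S, "ds": NS_DS, "wsse": NS_WSSE}
# C14N keeps prefix names, so re-serialised subtrees must use the message's own prefixes.
for _prefix, _uri in (("S", NS_S), ("ds", NS_DS), ("wsse", NS_WSSE), ("tru", NS_TRU)):
    ET.register_namespace(_prefix, _uri)

SHARED_PASSWORD = "correct horse battery staple"   # constructed shared secret
PASSWORDS = {"Zoe": SHARED_PASSWORD}               # constructed recipient-side user database
BODY = (f'<S:Body xmlns:S="{NS_S}" Id="MsgBody">'
        f'<tru:StockSymbol xmlns:tru="{NS_TRU}">QQQ</tru:StockSymbol></S:Body>')

def canonicalize(xml_text):
    # Stand-in for xml-exc-c14n: stdlib C14N 2.0 with whitespace-only text dropped, so
    # pretty-printing by an intermediary cannot change the digest.
    return ET.canonicalize(xml_text, strip_text=True)

def digest_value(element_xml):
    # <ds:DigestValue> = base64(SHA-1(canonical form of the referenced element))
    return base64.b64encode(hashlib.sha1(canonicalize(element_xml).encode()).digest()).decode()

def signature_value(signed_info_xml, password):
    # <ds:SignatureValue> = HMAC-SHA1 over the canonical <ds:SignedInfo>, not over the Body.
    key = hashlib.sha1(password.encode("utf-8")).digest()   # hypothetical password-to-key rule
    mac = hmac.new(key, canonicalize(signed_info_xml).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def signed_info(digest_b64):
    return (f'<ds:SignedInfo xmlns:ds="{NS_DS}">'
            '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>'
            '<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>'
            '<ds:Reference URI="#MsgBody">'
            '<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>'
            f"<ds:DigestValue>{digest_b64}</ds:DigestValue></ds:Reference></ds:SignedInfo>")

def build_envelope(body_xml, username, password):
    si = signed_info(digest_value(body_xml))
    return (f'<S:Envelope xmlns:S="{NS_S}" xmlns:ds="{NS_DS}" xmlns:wsse="{NS_WSSE}">'
            "<S:Header><wsse:Security>"
            f'<wsse:UsernameToken Id="MyID"><wsse:Username>{username}</wsse:Username>'
            f"</wsse:UsernameToken><ds:Signature>{si}"
            f"<ds:SignatureValue>{signature_value(si, password)}</ds:SignatureValue>"
            '<ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#MyID"/>'
            "</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>"
            f"</wsse:Security></S:Header>{body_xml}</S:Envelope>")

def _serialize(elem):
    elem.tail = None    # only the element itself, not the text that follows it
    return ET.tostring(elem, encoding="unicode")

def _by_id(root, uri):
    # Resolve a "#id" reference. A real verifier must also reject duplicate Ids, or a
    # wrapped copy of the signed element could pass while a different one is processed.
    if not uri.startswith("#"):
        return None
    return next((e for e in root.iter() if e.get("Id") == uri[1:]), None)

def verify(envelope_xml, passwords):
    """True only if the Body digest and the HMAC over SignedInfo both check out."""
    root = ET.fromstring(envelope_xml)
    sig = root.find("S:Header/wsse:Security/ds:Signature", NS)
    si = sig.find("ds:SignedInfo", NS) if sig is not None else None
    ref = si.find("ds:Reference", NS) if si is not None else None
    target = _by_id(root, ref.get("URI", "")) if ref is not None else None
    # 1. Integrity: the referenced element must still hash to the claimed DigestValue.
    if target is None or not hmac.compare_digest(
            digest_value(_serialize(target)), ref.findtext("ds:DigestValue", "", NS)):
        return False
    # 2. Authenticity: the MAC key comes from the password of the referenced UsernameToken.
    token_ref = sig.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    token = _by_id(root, token_ref.get("URI", "")) if token_ref is not None else None
    if token is None or token.tag != f"{{{NS_WSSE}}}UsernameToken":
        return False
    password = passwords.get(token.findtext("wsse:Username", "", NS))
    if password is None:
        return False
    return hmac.compare_digest(signature_value(_serialize(si), password),
                               sig.findtext("ds:SignatureValue", "", NS))

def demo():
    envelope = build_envelope(BODY, "Zoe", SHARED_PASSWORD)
    return {"genuine": verify(envelope, PASSWORDS),
            "tampered_body": verify(envelope.replace(">QQQ<", ">MSFT<"), PASSWORDS),
            "wrong_password": verify(envelope, {"Zoe": "guess"}),
            "unknown_user": verify(envelope, {})}

if __name__ == "__main__":
    print(demo())
```

Run it as a script to print the four results (only "genuine" is True). Two points carry over to a real verifier: the element resolved from URI="#MsgBody" must be the one the application will actually process, since duplicate Ids are the basis of XML signature wrapping attacks, and the key must be looked up from the token that the SecurityTokenReference names, never from a key the sender supplies inline.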

posted on 2005-04-26 11:26 by 数码幽灵