4.3 SecurityContextToken Element in a SOAP Request Message

The following is an example of a <Security> element with a security context token, its associated signature, and a timestamp.

 <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
   <a:Timestamp a:Id="_0" xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
     <a:Created>2008-08-15T01:48:08.469Z</a:Created>
     <a:Expires>2008-08-15T01:53:08.469Z</a:Expires>
   </a:Timestamp>
   <SecurityContextToken a:Id="_sct" xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns="http://schemas.xmlsoap.org/ws/2005/02/sc">
     <Identifier>urn:uuid:8a63487c-662b-40bf-b2df-f3b536062f5e</Identifier>
   </SecurityContextToken>
   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
     <SignedInfo>
       <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
       <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
       <Reference URI="#_0">
         <Transforms>
           <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
         </Transforms>
         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
         <DigestValue>...</DigestValue>
       </Reference>
     </SignedInfo>
     <SignatureValue>...</SignatureValue>
     <KeyInfo>
       <SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <Reference URI="#_sct" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/>
       </SecurityTokenReference>
     </KeyInfo>
   </Signature>
 </o:Security>