4.3 SecurityContextToken Element in a SOAP Request Message
The following is an example of a <Security> element with a security context token, its associated signature, and a timestamp.
-
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <a:Timestamp a:Id="_0" xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <a:Created>2008-08-15T01:48:08.469Z</a:Created> <a:Expires>2008-08-15T01:53:08.469Z</a:Expires> </a:Timestamp> <SecurityContextToken a:Id="_sct" xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns="http://schemas.xmlsoap.org/ws/2005/02/sc"> <Identifier>urn:uuid:8a63487c-662b-40bf-b2df-f3b536062f5e</Identifier> </SecurityContextToken> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/> <Reference URI="#_0"> <Transforms> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>...</DigestValue> </Reference> </SignedInfo> <SignatureValue>...</SignatureValue> <KeyInfo> <SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <Reference URI="#_sct" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/> </SecurityTokenReference> </KeyInfo> </Signature> </o:Security>