XML tokens

XML-based security tokens are growing in popularity. The following formats are well-known examples:

• Security Assertion Markup Language (SAML)
• Extensible Rights Markup Language (XrML)

The extensibility of the <wsse:Security> header in XML-based security tokens enables you to directly insert these security tokens into the header.

SAML assertions are attached to Web services security messages using Web services security by placing assertion elements inside the <wsse:Security> header. The following example illustrates a Web services security message with a SAML assertion token.

<S:Envelope xmlns:S="...">
  <S:Header>
    <wsse:Security xmlns:wsse="...">
      <saml:Assertion MajorVersion="1" MinorVersion="0" AssertionID="SecurityToken-ef375268"
       Issuer="elliotw1" IssueInstant="2002-07-23T11:32:05.6228146-07:00"              
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
        ...
      </saml:Assertion>
        ...
    </wsse:Security>
  </S:Header>
  <S:Body>
    ...
  </S:Body>
</S:Envelope>

For more information on SAML and XrML, see WS-Security Profile for XML-based Tokens (http://www-106.ibm.com/developerworks/library/ws-sectoken.html).