ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamy_5.4.0.1/50/webserv/wssecovtokxml.htm

47 lines
2.0 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>XML tokens</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h6><a name="wssecovtokxml"></a>XML tokens</h6>
<p>XML-based security tokens are growing in popularity. The following formats are well-known examples:</p>
<ul>
<li>Security Assertion Markup Language (SAML)</li>
<li>Extensible Rights Markup Language (XrML)</li>
</ul>
<p>The extensibility of the &lt;wsse:Security&gt; header in XML-based security tokens enables you to directly insert these security tokens into the header.</p>
<p>SAML assertions are attached to Web services security messages using Web services security by placing assertion elements inside the &lt;wsse:Security&gt; header. The following example illustrates a Web services security message with a SAML assertion token.</p>
<pre>&lt;S:Envelope xmlns:S=&quot;...&quot;&gt;
&lt;S:Header&gt;
&lt;wsse:Security xmlns:wsse=&quot;...&quot;&gt;
&lt;saml:Assertion MajorVersion=&quot;1&quot; MinorVersion=&quot;0&quot; AssertionID=&quot;SecurityToken-ef375268&quot;
Issuer=&quot;elliotw1&quot; IssueInstant=&quot;2002-07-23T11:32:05.6228146-07:00&quot;
xmlns:saml=&quot;urn:oasis:names:tc:SAML:1.0:assertion&quot;&gt;
...
&lt;/saml:Assertion&gt;
...
&lt;/wsse:Security&gt;
&lt;/S:Header&gt;
&lt;S:Body&gt;
...
&lt;/S:Body&gt;
&lt;/S:Envelope&gt;</pre>
<p>For more information on SAML and XrML, see <a href="http://www-106.ibm.com/developerworks/library/ws-sectoken.html" target="_">WS-Security Profile for XML-based Tokens</a> <img src="www.gif" width="19" height="15" alt="Link outside Information Center"> (http://www-106.ibm.com/developerworks/library/ws-sectoken.html).</p>
</body>
</html>