47 lines
2.0 KiB
HTML
47 lines
2.0 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<html>
|
|
<head>
|
|
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
|
|
|
|
<title>XML tokens</title>
|
|
</head>
|
|
|
|
<BODY>
|
|
<!-- Java sync-link -->
|
|
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
|
|
|
|
<h6><a name="wssecovtokxml"></a>XML tokens</h6>
|
|
|
|
<p>XML-based security tokens are growing in popularity. The following formats are well-known examples:</p>
|
|
|
|
<ul>
|
|
<li>Security Assertion Markup Language (SAML)</li>
|
|
<li>Extensible Rights Markup Language (XrML)</li>
|
|
</ul>
|
|
|
|
<p>The extensibility of the <wsse:Security> header in XML-based security tokens enables you to directly insert these security tokens into the header.</p>
|
|
|
|
<p>SAML assertions are attached to Web services security messages using Web services security by placing assertion elements inside the <wsse:Security> header. The following example illustrates a Web services security message with a SAML assertion token.</p>
|
|
|
|
<pre><S:Envelope xmlns:S="...">
|
|
<S:Header>
|
|
<wsse:Security xmlns:wsse="...">
|
|
<saml:Assertion MajorVersion="1" MinorVersion="0" AssertionID="SecurityToken-ef375268"
|
|
Issuer="elliotw1" IssueInstant="2002-07-23T11:32:05.6228146-07:00"
|
|
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
|
|
...
|
|
</saml:Assertion>
|
|
...
|
|
</wsse:Security>
|
|
</S:Header>
|
|
<S:Body>
|
|
...
|
|
</S:Body>
|
|
</S:Envelope></pre>
|
|
|
|
<p>For more information on SAML and XrML, see <a href="http://www-106.ibm.com/developerworks/library/ws-sectoken.html" target="_">WS-Security Profile for XML-based Tokens</a> <img src="www.gif" width="19" height="15" alt="Link outside Information Center"> (http://www-106.ibm.com/developerworks/library/ws-sectoken.html).</p>
|
|
|
|
</body>
|
|
</html>
|