Why and when to perform this task
Applications might need non-repudiable proof of the messages they exchange. One example is a Web service that accepts part orders. The business partners establish a trust relationship based on public keys, either through a public key infrastructure (PKI) with a third-party certificate authority (CA) or by exchanging public keys over a secure channel. The following service is deployed with a signature verification function:
https://foo.com/partorder
Configure signature verification with the following information:
If the signature is missing or if signature verification fails, the signature verification function can be configured so that the servlet returns a SOAP fault.
To send part orders to the https://foo.com/partorder service, the service requester should sign its SOAP messages with a signature component. The signature component is initialized using two templates:
The <ds:SignedInfo> template controls the following:
The <ds:KeyInfo> template controls the following:
You can combine the service request with HTTP basic authentication, if necessary.
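The sign-then-verify exchange described above can be sketched with the JDK's built-in javax.xml.crypto.dsig API (Java 11 or later). This is an added example, not the product's own configuration or code: the class name, the sample order, the Id value "order", the fault reason strings, and the in-process key pair that stands in for the partners' exchanged key are all assumptions.

```java
import java.io.ByteArrayInputStream;
import java.security.*;
import java.util.List;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
public class PartOrderSignatureDemo {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    // Constructed sample order; element names and the Id value are illustrative.
    static final String ORDER = "<s:Envelope xmlns:s='" + SOAP + "'><s:Header/>"
        + "<s:Body Id='order'><partOrder part='A-100' qty='5'/></s:Body></s:Envelope>";
    static final XMLSignatureFactory XF = XMLSignatureFactory.getInstance("DOM");
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // refuse DTDs
        Document d = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        ((Element) d.getElementsByTagNameNS(SOAP, "Body").item(0)).setIdAttribute("Id", true); // lets "#order" resolve
        return d;
    }
    // Requester: build <ds:SignedInfo> and <ds:KeyInfo>, sign the Body, place the signature in the Header.
    static void sign(Document d, KeyPair kp) throws Exception {
        Reference ref = XF.newReference("#order", XF.newDigestMethod(DigestMethod.SHA256, null),
            List.of(XF.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)), null, null);
        SignedInfo si = XF.newSignedInfo(XF.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
            (C14NMethodParameterSpec) null), XF.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        var ki = XF.getKeyInfoFactory().newKeyInfo(List.of(XF.getKeyInfoFactory().newKeyValue(kp.getPublic())));
        Node header = d.getElementsByTagNameNS(SOAP, "Header").item(0);
        XF.newXMLSignature(si, ki).sign(new DOMSignContext(kp.getPrivate(), header));
    }
    // Service: validates with the exchanged partner key, never the key inside <ds:KeyInfo>.
    // Returns null when the order is accepted, otherwise the reason to carry in the SOAP fault.
    static String verify(Document d, PublicKey partnerKey) throws Exception {
        NodeList sigs = d.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) return "signature missing";
        DOMValidateContext ctx = new DOMValidateContext(KeySelector.singletonKeySelector(partnerKey), sigs.item(0));
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        return XF.unmarshalXMLSignature(ctx).validate(ctx) ? null : "signature verification failed";
    }
    public static void main(String[] args) throws Exception {
        KeyPair partner = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // stand-in for the exchanged key
        Document signed = parse(ORDER);
        sign(signed, partner);
        System.out.println("signed:   " + verify(signed, partner.getPublic()));
        System.out.println("unsigned: " + verify(parse(ORDER), partner.getPublic()));
        ((Element) signed.getElementsByTagName("partOrder").item(0)).setAttribute("qty", "500"); // alter after signing
        System.out.println("tampered: " + verify(signed, partner.getPublic()));
    }
}
```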