Web Services Addressing security considerations
It is essential that communications using Web Services Addressing (WS-Addressing) are adequately secured and that a sufficient level of trust is established between the communicating parties. You can achieve secure communications through the signing of WS-Addressing message addressing properties and the encryption of endpoint references.
Signing of WS-Addressing message addressing properties
You can use an assembly tool to specify the message addressing properties, and therefore the WS-Addressing message elements, that require signing, or that require signature verification on inbound requests. The receiver of the message might rely on the presence of this verifiable signature to determine that the outbound message originated from a trusted source. Similarly, the lack of a verifiable signature that is associated with the specified inbound message addressing properties causes the rejection of the message with a SOAP fault.
Encryption of endpoint references
You can encrypt endpoint references as part of the SOAP header or SOAP body. Alternatively, you can remove the need for encryption by not including sensitive information in the [address] or [reference parameters] properties of the endpoint reference.
Related concepts
Web Services Addressing support