XML token
XML tokens are offered in two well-known formats...
- Security Assertion Markup Language (SAML)
- eXtensible rights Markup Language (XrML)
In WAS Versions 6 and later, we can plug in the own implementation. By using extensibility of the <wsse:Security> header in XML-based security tokens, we can directly insert these security tokens into the header. SAML assertions are attached to WS-Security messages using Web Services by placing assertion elements inside the <wsse:Security> header.
The following example illustrates a WS-Security message with a SAML assertion token.
<S:Envelope xmlns:S="..."> <S:Header> <wsse:Security xmlns:wsse="..."> <saml:Assertion MajorVersion="1" MinorVersion="0" AssertionID="SecurityToken-ef375268" Issuer="elliotw1" IssueInstant="2002-07-23T11:32:05.6228146-07:00" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> ... </saml:Assertion> </wsse:Security> </S:Header> <S:Body> ... </S:Body> </S:Envelope>For a complete list of the supported standards and specifications, read about Web services specifications and APIs.
 
Related concepts
What is new for securing Web services
Web services
WS-Security
Related
Web services specifications and APIs