
Digital signatures and the UDDI registry

In UDDI v3, publishers can digitally sign UDDI elements while they are publishing. The UDDI v3 schema supports the signing of businessEntity, businessService, bindingTemplate, tModel, and publisherAssertion elements.

We can validate UDDI elements that are digitally signed to prove they have not been modified or tampered with, and their integrity is intact.

For full details about signing UDDI entities and verifying signatures, see Appendix I: Support for XML Digital Signatures in the UDDI v3.0.2 specification.

The UDDI registry does not validate signatures when signed elements are published. When signed elements are retrieved, the retrieving client is responsible for validating the signature and for providing a mechanism that ensures the signer's certificate is issued by a Certificate Authority (CA) the client approves and trusts. If a signature verifies successfully with the signer's public key, only the owner of the corresponding private key can have signed and published the element.


Signature generation

The attributes of an element are included in the generation of an element signature. Therefore, all entity keys must be available when the signature is generated. Publishers can generate publisher-assigned keys for all the keys of an element before signing. Alternatively, if publishers publish the element without keys, the registry node generates the required entity keys; the publisher then retrieves the element, signs it, and republishes the signed element.


Signature validation

The signature element to validate is in the top-level element that a call to the getXXDetails method returns. The client is responsible for the validation. The client must have previously imported the X.509 v3 certificate of the publisher and validated that certificate against the CA it trusts. In this way, the client has access to the public validation key of the publisher that corresponds to the private signing key the publisher used to sign the entity before publishing it.

We can use the UDDI v3 Client to construct JAX-RPC objects and to invoke the UDDI v3 web service. As part of this client, we can use a helper class, com.ibm.uddi.v3.client.apilayer.xmldig.SignatureUtilities, to create and validate digital signatures on the UDDI v3 entities that support them. For details of APIs in this helper class and the SignatureUtilitiesException exception, see the API information.

For UDDI, digital signatures are used to sign the data. They are not used to authenticate the SOAP message.
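The retrieving client's check described above, as an added example that is not code from this page or from the IBM UDDI client: it uses the JDK's javax.xml.crypto.dsig API instead of the SignatureUtilities helper. The businessEntity, the key pairs and the key names are constructed for the demonstration; in a real client, trustedPublisherKey would be taken from the publisher's X.509 v3 certificate after that certificate has been validated against a CA the client trusts.

```java
import java.security.*;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class UddiSignatureDemo {
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    // Constructed sample: a minimal businessEntity whose businessKey is already assigned (it is signed too).
    static Document sampleEntity() throws Exception {
        String xml = "<businessEntity xmlns=\"urn:uddi-org:api_v3\" businessKey=\"uddi:example.com:demo\">"
                + "<name>Demo Business</name></businessEntity>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        return dbf.newDocumentBuilder().parse(new java.io.ByteArrayInputStream(xml.getBytes("UTF-8")));
    }

    // Enveloped signature over the whole element (URI=""), so its attributes are covered as well.
    static void sign(Document doc, KeyPair publisher) throws Exception {
        Reference ref = FAC.newReference("", FAC.newDigestMethod(DigestMethod.SHA256, null), Collections
                .singletonList(FAC.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = FAC.newSignedInfo(FAC.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                (C14NMethodParameterSpec) null), FAC.newSignatureMethod(RSA_SHA256, null), Collections.singletonList(ref));
        FAC.newXMLSignature(si, null).sign(new DOMSignContext(publisher.getPrivate(), doc.getDocumentElement()));
    }

    // Validate with the key the client already trusts (from the publisher's CA-validated certificate),
    // never with key material embedded in the retrieved element itself.
    static boolean verify(Document doc, PublicKey trustedPublisherKey) throws Exception {
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) return false;
        DOMValidateContext ctx = new DOMValidateContext(trustedPublisherKey, sigs.item(0));
        return FAC.unmarshalXMLSignature(ctx).validate(ctx);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(2048);
        KeyPair publisher = kpg.generateKeyPair(), impostor = kpg.generateKeyPair();
        Document signed = sampleEntity();
        sign(signed, publisher);
        System.out.println("intact entity verifies: " + verify(signed, publisher.getPublic()));
        signed.getDocumentElement().setAttribute("businessKey", "uddi:example.com:tampered");
        System.out.println("modified businessKey:   " + verify(signed, publisher.getPublic()));
        Document forged = sampleEntity(); sign(forged, impostor);
        System.out.println("signed by other key:    " + verify(forged, publisher.getPublic()));
    }
}
```

The second and third checks fail because the signed attribute was altered after signing and because the signature was made with a private key that does not match the trusted publisher key.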


Reference:

UDDI v3 Client
Additional Application Programming Interfaces (APIs)


Related information:

UDDI v3.0 Specification

