Home

 

Message integrity

To validate a message has not been tampered with or corrupted during its transmission over the Internet, the message can be digitally signed using security keys. The sender uses the private key of the their X.509 certificate to digitally sign the SOAP request. The receiver uses the sender's public key to check the signature and identity of the signer. The receiver signs the response with their private key, and the sender is able to validate the response has not been tampered with or corrupted using the receiver's public key to check the signature and identity of the responder. The WS-Security: SOAP Message Security 1.0/1.1 specification describes enhancements to SOAP messaging to provide message integrity.

ibm.com/redbooks