<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head profile="http://internetalchemy.org/2003/02/profile"> <link rel="foaf" type="application/rdf+xml" title="FOAF" href="http://www.openlinksw.com/dataspace/uda/about.rdf" /> <link rel="schema.dc" href="http://purl.org/dc/elements/1.1/" /> <meta name="dc.title" content="15. Web Services" /> <meta name="dc.subject" content="15. Web Services" /> <meta name="dc.creator" content="OpenLink Software Documentation Team ; " /> <meta name="dc.copyright" content="OpenLink Software, 1999 - 2009" /> <link rel="top" href="index.html" title="OpenLink Virtuoso Universal Server: Documentation" /> <link rel="search" href="/doc/adv_search.vspx" title="Search OpenLink Virtuoso Universal Server: Documentation" /> <link rel="parent" href="webservices.html" title="Chapter Contents" /> <link rel="prev" href="voauth.html" title="OAuth Support" /> <link rel="next" href="ws-routing.html" title="Web Services Routing Protocol (WS-Routing)" /> <link rel="shortcut icon" href="../images/misc/favicon.ico" type="image/x-icon" /> <link rel="stylesheet" type="text/css" href="doc.css" /> <link rel="stylesheet" type="text/css" href="/doc/translation.css" /> <title>15. Web Services</title> <meta http-equiv="Content-Type" content="text/xhtml; charset=UTF-8" /> <meta name="author" content="OpenLink Software Documentation Team ; " /> <meta name="copyright" content="OpenLink Software, 1999 - 2009" /> <meta name="keywords" content="" /> <meta name="GENERATOR" content="OpenLink XSLT Team" /> </head> <body> <div id="header"> <a name="vwsssupport" /> <img src="../images/misc/logo.jpg" alt="" /> <h1>15. Web Services</h1> </div> <div id="navbartop"> <div> <a class="link" href="webservices.html">Chapter Contents</a> | <a class="link" href="voauth.html" title="OAuth Support">Prev</a> | <a class="link" href="ws-routing.html" title="Web Services Routing Protocol (WS-Routing)">Next</a> </div> </div> <div id="currenttoc"> <form method="post" action="/doc/adv_search.vspx"> <div class="search">Keyword Search: <br /> <input type="text" name="q" /> <input type="submit" name="go" value="Go" /> </div> </form> <div> <a href="http://www.openlinksw.com/">www.openlinksw.com</a> </div> <div> <a href="http://docs.openlinksw.com/">docs.openlinksw.com</a> </div> <br /> <div> <a href="index.html">Book Home</a> </div> <br /> <div> <a href="contents.html">Contents</a> </div> <div> <a href="preface.html">Preface</a> </div> <br /> <div class="selected"> <a href="webservices.html">Web Services</a> </div> <br /> <div> <a href="soap.html">SOAP</a> </div> <div> <a href="wsdl.html">WSDL</a> </div> <div> <a href="vfoafssl.html">WebID Protocol Support</a> </div> <div> <a href="voauth.html">OAuth Support</a> </div> <div class="selected"> <a href="vwsssupport.html">WS-Security (WSS) Support in Virtuoso SOAP Server</a> <div> <a href="#vwsssrvclisidecerts" title="Client and Server side Certificates & Keys">Client and Server side Certificates & Keys</a> <a href="#vwsssoapendpoint" title="SOAP Server WS-Security Endpoint">SOAP Server WS-Security Endpoint</a> <a href="#vwssvdsoapopt" title="Virtual Directory SOAP WSS Options">Virtual Directory SOAP WSS Options</a> <a href="#vwssaccounting" title="Accounting & Accounting Hook">Accounting & Accounting Hook</a> <a href="#vwsssectemplates" title="Signature Templates">Signature Templates</a> <a href="#vwsssoapclient" title="SOAP Client">SOAP Client</a> </div> </div> <div> <a href="ws-routing.html">Web Services Routing Protocol (WS-Routing)</a> </div> <div> <a href="warm.html">Web Services Reliable Messaging Protocol (WS-ReliableMessaging)</a> </div> <div> <a href="vwstrust.html">Web Services Trust Protocol (WS-Trust)</a> </div> <div> <a href="xmlxmla.html">XML for Analysis Provider</a> </div> <div> <a href="xmlrpc.html">XML-RPC support</a> </div> <div> <a href="syncml.html">SyncML</a> </div> <div> <a href="uddi.html">UDDI</a> </div> <div> <a href="expwsmodules.html">Exposing Persistent Stored Modules as Web Services</a> </div> <div> <a href="vsmx.html">Testing Web Published Web Services</a> </div> <div> <a href="bpel.html">BPEL Reference</a> </div> <div> <a href="xsql.html">XSQL</a> </div> <br /> </div> <div id="text"> <a name="vwsssupport" /> <h2>15.5. WS-Security (WSS) Support in Virtuoso SOAP Server</h2> <p>The following terms are used in this section in the following meanings:</p> <ul> <li> <div class="formalpara"> <strong>encryption</strong> <p>The process of making data unreadable using some secret (see 'key')</p> </div> </li> <li> <div class="formalpara"> <strong>decryption</strong> <p>The opposite of encryption</p> </div> </li> <li> <div class="formalpara"> <strong>signature</strong> <p>A sequence of binary codes that is calculated based on the original data and a key to secure the content from undetected change.</p> </div> </li> <li> <div class="formalpara"> <strong>key</strong> <p>A secret, depending on the type can be symmetric or asymmetric.</p> </div> <p>Typical symmetric keys are passwords. Symmetric keys are by their nature more at risk of being compromised if the secret key is stolen. Symmetric keys are usually used to encrypt large amounts of data as they are very fast.</p> <p>Asymmetric keys are more secure and their structure is more complicated. Asymmetric keys generally consist of a private and public key pair. The owner of the key can sign data to be verified by recipient with public key. A correspondent can encrypt the data using public key to be decrypted by private key owner. Asymmetric keys are used to sign data, or encrypt small amounts of data as they are slower to process than symmetric ones.</p> </li> <li> <div class="formalpara"> <strong>certificate</strong> <p>This is a structure of secure data, which identifies a certificate owner. This is similar to having a user-name and password but more secure. A 'certificate' can be associated with a document as an alias of the X.509 certificate. Certificates are issued by a third-party, not the owner or recipient in the verification path, namely the Certificate Authority (CA). The CA's function is to guarantee that a receiver can trust data accompanied by a particular certificate. Certificates will contain a public key, but never the private key. These must be distinguished from certificates that are exported together with their private key in PKCS#12 format, these are different things.</p> </div> </li> <li> <div class="formalpara"> <strong>user account space</strong> <p>This is a data area where a user can store private data. Only ODBC sessions and web page processing code which runs on behalf of a certain SQL user account has access to this area. This is useful for caching private security related information such as keys or certificates.</p> </div> </li> <li> <div class="formalpara"> <strong>key reference</strong> <p>A short hand for a key, sometime called a 'key name'. This is a string to uniquely identify a key in a user account space. </p> </div> </li> <li> <div class="formalpara"> <strong>key instance</strong> <p>An entity representing a key in PL, this is a not the key per se. The key instance is used in encryption or decryption routines.</p> </div> </li> </ul> <p>The following algorithms are supported:</p> <ul> <li>RSA (http://www.w3.org/2001/04/xmlenc#rsa-1_5)</li> <li>DSA (http://www.w3.org/2001/04/xmlenc#dsa)</li> <li>triple DES (http://www.w3.org/2001/04/xmlenc#tripledes-cbc)</li> <li>AES128 (http://www.w3.org/2001/04/xmlenc#aes128-cbc)</li> <li>AES192 (http://www.w3.org/2001/04/xmlenc#aes192-cbc)</li> <li>AES256 (http://www.w3.org/2001/04/xmlenc#aes256-cbc)</li> </ul> <p>Digest algorithms:</p> <ul> <li>SHA1 (http://www.w3.org/2000/09/xmldsig#sha1)</li> </ul> <p>Signing algorithms: </p> <ul> <li>RSA-SHA1 (http://www.w3.org/2000/09/xmldsig#rsa-sha1)</li> <li>DSA-SHA1 (http://www.w3.org/2000/09/xmldsig#dsa-sha1)</li> </ul> <p>Canonicalization algorithms with comments:</p> <ul> <li>(http://www.w3.org/TR/2001/REC-xml-c14n-20010315)</li> <li>(http://www.w3.org/TR/2001/REC-xml-c14n)</li> </ul> <p>The keys can be temporary or persistent keys. Temporary keys are loaded only in memory an will be lost when the server is restarted. These are usually used for making symmetric session keys. Persistent keys are kept on the file-system or in the database and will be loaded upon server startup. These are asymmetric keys, certificates that belong to the user.</p> <p>The location where persistent keys are stored depends on the key reference. If the key reference is a 'file:' URI, then the API's assume file-system storage, otherwise they will be kept in the U_OPT column of the SYS_USERS table as a serialized string. The API functions are described below. Whether keys are stored on the file-system or within the database they will have an in-memory representation which is used in crypto functions. The memory cache of keys is contained in the user account space, hence no user can access or reference another user's keys. Furthermore if a user account is removed all associated keys will also be removed if they were stored in the database. If the keys were on the file-system only the in-memory cache will be deleted.</p> <a name="vwsssrvclisidecerts" /> <h3>15.5.1. Client and Server side Certificates & Keys</h3> <p>Since XML encoding routines are executed on server-side, we cannot strictly say that we have client and server certificates (as browser and HTTPS server). To perform the encoding on behalf of a client or user account, the XML encoding functions need to have the keys and certificates loaded in the memory cache of the user. The same applies to server keys and certificates. Therefore we will refer to these as client or server security tokens that are kept on server-side. </p> <div class="note"> <div class="notetitle">Note:</div> <p>Uploading of keys and certificate must be done under a secure SSL/TLS connection to minimize the risk of vulnerability. </p> </div> <a name="vwsskeydefpersist" /> <h4>15.5.1.1. Key Definition & Persistence</h4> <p> <a href="fn_xenc_key_3DES_rand_create.html">xenc_key_3DES_rand_create()</a> </p> <p> <a href="fn_USER_KEY_LOAD.html">USER_KEY_LOAD()</a> </p> <br /> <a name="vwsskeyenc" /> <h4>15.5.1.2. Key Encryption</h4> <p>To minimize the risk of non-authorized private key usage, keys are usually kept encrypted with password. If a key or certificate containing a key is loaded using a password, the API will assume it is an encrypted private key and will be kept in that form. In other words encrypted keys are kept in their encrypted form in memory, there will be no raw certificate or key data if the encrypted form is used to import. Virtuoso will ask for passwords to unlock persisted encrypted keys upon server restart. This is only possible when the server is running in foreground mode. If the server is started as background process and the key needs a password to decrypt and load, an error will be logged in the virtuoso log file and that particular key will not be loaded.</p> <a name="vwsspasslog" /> <div class="example"> <div class="exampletitle">An example of a password prompt and log on success</div> <div> <pre class="screen"> Enter a password for key "wss.pfx": 13:14:04 PL LOG: XENC: Loaded : wss.pfx </pre> </div> </div> <br /> <a name="vwssreferencingkeys" /> <h4>15.5.1.3. Referencing Keys</h4> <p>To make a run-time key instance, used for XML encryption functions, and to perform server or client side the <a href="fn_xenc_key_inst_create.html">xenc_key_inst_create (in key_name varchar[, super key inst])</a> function can be used.</p> <a name="vwssrefkeyex" /> <div class="example"> <div class="exampletitle">Example</div> <div> <pre class="programlisting"> create procedure DB.DBA.WSDK_GET_KEY () { -- this returns a instance of shared secret suitable for content encryption return xenc_key_inst_create ('WSDK Sample Symmetric Key'); } ; create procedure DB.DBA.WS_SOAP_GET_KEY () { declare superkey, keyinst any; superkey := xenc_key_inst_create ('file:dsa.der'); -- already loaded asymmetric key (see above example) -- this returns a session key , to be encrypted with a asymmetric one keyinst := xenc_key_inst_create (xenc_key_3DES_rand_create (NULL), superkey); return keyinst; } ; </pre> </div> </div> <br /> <a name="vwsskeyremoval" /> <h4>15.5.1.4. Key Removal</h4> <p>To delete a key, persistent or otherwise, the following function is used:</p> <p> <a href="fn_xenc_key_remove.html">xenc_key_remove()</a> </p> <br /> <br /> <a name="vwsssoapendpoint" /> <h3>15.5.2. SOAP Server WS-Security Endpoint</h3> <p>The WS-Security processing is performed by filtering incoming and outgoing messages of the Virtuoso SOAP server. These filters are activated when a special SOAP option is set on the current virtual directory that is the SOAP endpoint. The WS-Security filters are invoked on input to verify / decrypt the message. Upon success the message will be processed by the SOAP server, otherwise a <span class="computeroutput">SOAP:Fault</span> will be returned to the SOAP requester. On outgoing messages, depending of SOAP options, messages produced by the SOAP server can be encoded and signed as well. The administrator configures the WS Security subsystem at the access point level. Different security schemes involving encryption and/or signature can be selected.</p> <p>The keys and certificates need to be defined in order to get a working secure service. The key/certificate(s) for the SOAP endpoint that is WS-Security enabled are referenced in a special PL hook and/or signature template. If none of these (signature or key instance hook) are defined the response will not be encrypted or signed.</p> <p>Here are the steps involved in processing a message to a secure end point.</p> <ol> <li> <p>SOAP server receives a message on a secure endpoint</p> </li> <li> <p>The message is determined to be for this endpoint, otherwise will be sent to the next SOAP router if routing is enabled. </p> </li> <li> <p>The message (as is) is passed to the decoding routine. At this point keys that are referenced in SOAP message need to be in the user space of the SQL account on whose behalf SOAP accessible procedures of this end point run. If any key does not exist in the user space, the requested processing will fail.</p> <div class="note"> <div class="notetitle">Note:</div> <p>Signatures can be verified in the following manners:</p> <ul> <li>never try signatures</li> <li>expect signatures, explicit</li> <li>try signature if exists</li> </ul> <p>This behavior depends on the "WSS-Validate-Signature" option set for the virtual directory.</p> </div> </li> <li> <p>If step 3 completes without problem, security related headers are stripped from the decoded message.</p> </li> <li> <p>The result of point 4 is passed to the usual SOAP server for processing.</p> </li> <li> <p>Once a response is generated by the SOAP method (i.e. corresponding PL procedure, exposed as SOAP method) the result will be encoded and/or signed. This is the last step before the result is sent back to the requestor client. At this point the server behavior is controlled by a few options defined in the virtual directory. See below: "WSS-KEY", "WSS-Template", and "WSS-Type" options.</p> </li> </ol> <br /> <a name="vwssvdsoapopt" /> <h3>15.5.3. Virtual Directory SOAP WSS Options</h3> <p>The following SOAP options are available for configuring a virtual directory:</p> <ul> <li> <div class="formalpara"> <strong>WS-SEC</strong> <p>WS-Security processing is enabled on the endpoint, in practice this enables the input and output message filters for Security Header processing. This MUST be set to enable WS-Security endpoints. All other WS related options will be ignored if this option is disabled. The possible values for this option are "yes" or "no"</p> </div> </li> <li> <div class="formalpara"> <strong>WSS-KEY</strong> <p>The name of a PL procedure that is expected to return a key instance. Examples of this can be found in the <a href="vwsssupport.html#vwssreferencingkeys">Referencing Keys</a> section. If this NULL or undefined the SOAP server will not encrypt outgoing messages. </p> </div> </li> <li> <div class="formalpara"> <strong>WSS-Template</strong> <p>path and file name to a file containing a template - an instruction for how to make the XML signature for the response message. For more information see the <a href="vwsssupport.html#vwsssectemplates">Security Templates</a> section. If this option is NULL or undefined the SOAP server will not sign any outgoing messages from this endpoint. As an example, if the value "sig.xml" was supplied to this option this would imply that the content of template is stored in the file called sig.xml located in the servers working directory. A default template can be used by setting this option to the value <span class="computeroutput">[key reference for signing]</span> - (note '[]' around name is required). In this case the server will generate a default template based on a key, and produce a default rule for making a signature.</p> </div> </li> <li> <div class="formalpara"> <strong>WSS-Validate-Signature</strong> <p>This option controls how the SOAP server responds to incoming messages i.e. how to verify the incoming message.</p> </div> <p>possible values are:</p> <ul> <li> <strong>0</strong> do not verify signatures</li> <li> <strong>1</strong> expects signature to exist</li> <li> <strong>2</strong> will verify signature if exists</li> </ul> </li> </ul> <a name="vwssvirtdirexpl" /> <div class="example"> <div class="exampletitle">Configuring WS Secure Endpoints</div> <div> <pre class="programlisting"> -- definition of /SecureWebServices endpoint VHOST_DEFINE ( lpath=>'/SecureWebServices', ppath=>'/SOAP/', soap_user=>'WSS', soap_opts=>vector( 'Namespace','http://temp.uri/', 'MethodInSoapAction','yes', 'ServiceName', 'WSSecure', 'CR-escape', 'no', 'WS-SEC','yes', 'WSS-Validate-Signature', 2) ) ;</pre> </div> <p>this will define a WS-Security enabled endpoint that is compatible with .NET WSDK examples. This endpoint will accept encrypted/or signed SOAP messages and will generate an error if security checking fails. Upon success it will return non-encrypted message. Therefore it's a one-way encryption example.</p> <div> <pre class="programlisting"> -- complex example VHOST_DEFINE ( lpath=>'/wss', ppath=>'/SOAP/', soap_user=>'WSS', soap_opts=>vector( 'Namespace','http://soapinterop.org/', 'MethodInSoapAction','no', 'ServiceName', 'WSSecure', 'HeaderNS', 'http://soapinterop.org/echoheader/', 'CR-escape', 'no', 'WS-SEC','yes', 'WSS-KEY','DB.DBA.WS_SOAP_GET_KEY', 'WSS-Template','wss_tmpl.xml', 'WSS-Validate-Signature', 1) ) ;</pre> </div> <p>This endpoint will expect signed and encrypted incoming messages and will sign and encrypt outgoing messages too. This is a two-way encryption example, for client to server and reverse.</p> </div> <br /> <a name="vwssaccounting" /> <h3>15.5.4. Accounting & Accounting Hook</h3> <p>If an X.509 certificate is used to sign an incoming message, the following connection variables will be available to the SOAP processing function and accounting hook:</p> <ul> <li> <strong>wss-token-owner</strong> owner of certificate, an example is "C=US/ST=MA/CN=User Name".</li> <li> <strong>wss-token-issuer</strong> issued by , it's like above , but it's name of who is issued the certificate.</li> <li> <strong>wss-token-serial</strong> serial number, an integer specific to certificate issuer.</li> <li> <strong>wss-token-start</strong> valid from, a string containing a data of validity.</li> <li> <strong>wss-token-end</strong> valid to, a string containing data of end of validity.</li> </ul> <p>These can be accessed by invoking connection_get([name-of-info]) when processing the SOAP request, i.e. in the procedure being invoked or from a user defined accounting hook.</p> <p>A user defined procedure hook named DB.DBA.WS_SOAP_ACCOUNTING can be used for accounting purposes. If it exists it will be invoked after the connection information is set. This PL hook should return 0 when an error occurs or 1 upon success. Hence, a SOAP request may be rejected based on some custom condition. </p> <p>The procedure prototype is :</p> <div> <pre class="programlisting"> create procedure DB.DBA.WS_SOAP_ACCOUNTING () { -- custom logic return 1; -- on success return 0; -- on failure } ;</pre> </div> <p>Note that the usage of this functionality is global to the Virtuoso server, To get similar functionality for each SOAP method, the developer will need to include account checking within the PL procedures that are exposed as SOAP methods.</p> <br /> <a name="vwsssectemplates" /> <h3>15.5.5. Signature Templates</h3> <p>Signature templates are used to define how signatures are generated for SOAP messages. They are XML files containing a structure of Signature elements as per XML Signature standard. The DigestValue and SignatureValue elements are empty, so they will be filled upon output. The most important element is the KeyName element. This must contain a reference to an existing key from the user account space. This key reference does not need to be the same as key for data encryption, it can be a different key. Please note that XML encoding routines will resolve the key automatically, so there is no need to specify how the key instance will be obtained, hence no relation to "WSS-Key" from SOAP options section (above).</p> <a name="vwssdefaulttemplate" /> <h4>15.5.5.1. Default Template Generation</h4> <p>The default template will create an XML Signature using the following definitions:</p> <p>a) have a simple template corresponding to a key reference (and it's algorithm) as:</p> <div> <pre class="programlisting"> TEMP := <?xml version="1.0" encoding="UTF-8"?> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" > <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <SignatureMethod Algorithm="[key algorithm]" /> </SignedInfo> <SignatureValue></SignatureValue> <KeyInfo> <KeyName>[key reference]</KeyName> </KeyInfo> </Signature>' </pre> </div> <p>b) generate references to template a), using the <span class="computeroutput">dsig_template_ext()</span> function and BODY of the SOAP request.</p> <div> <pre class="programlisting"> TEMPLATE := dsig_template_ext (xtree_doc (SOAP_BODY), TEMP, 'http://schemas.xmlsoap.org/soap/envelope/', 'Body', 'http://schemas.xmlsoap.org/rp', 'action', 'http://schemas.xmlsoap.org/rp', 'to', 'http://schemas.xmlsoap.org/rp', 'id', 'http://schemas.xmlsoap.org/ws/2002/07/utility', 'Created', 'http://schemas.xmlsoap.org/ws/2002/07/utility', 'Expires'); </pre> </div> <p>In other words, the 'Body' of the SOAP message, part of the routing header elements ('action,'to','id') and, if it exists, Timestamp headers ('Created', 'Expires').</p> <a name="vwssusingdefaulttemplate" /> <div class="example"> <div class="exampletitle">Using default templates</div> <p>This example demonstrates the use of the default template mechanism and X.509 certificate with RSA key:</p> <div> <pre class="programlisting"> --------------- SOAP message <SOAP:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext" xmlns:dt="urn:schemas-microsoft-com:datatypes"> <SOAP:Header /> <SOAP:Body Id="Id-2e7c29c7-8645-4ad8-af59-06bed179d2fb"> <AddInt xmlns="http://microsoft.com/wsdk/samples/SumService"> <a>3</a> <b>4</b> </AddInt> </SOAP:Body> </SOAP:Envelope> --------------- Generated signature template <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> </ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod> <ds:Reference URI="#Id-2e7c29c7-8645-4ad8-af59-06bed179d2fb"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> <ds:DigestValue></ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue></ds:SignatureValue> <ds:KeyInfo> <wsse:SecurityTokenReference> <wsse:Reference URI="#SecurityToken-24c152e3-26e0-d611-bb59-90b4c67d3be5"></wsse:Reference> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </pre> </div> <p>Now, an example of a user defined template:</p> <div> <pre class="programlisting"> <?xml version="1.0" encoding="UTF-8"?> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" /> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue></DigestValue> </Reference> </SignedInfo> <SignatureValue></SignatureValue> <KeyInfo> <KeyName>file:dsa.der</KeyName> </KeyInfo> </Signature> </pre> </div> </div> <br /> <br /> <a name="vwsssoapclient" /> <h3>15.5.6. SOAP Client</h3> <p>The <span class="computeroutput">soap_client()</span> function is used to make soap requests. Upon success it will return an array containing the XML tree of the result. However, it can return more complex results when the debug parameter is enabled, in which case it can return the request and the response messages as well. Some of the parameters are optional, not all are required and they can be named.</p> <div class="tip"> <div class="tiptitle">See Also:</div> <p> <a href="fn_soap_client.html"> soap_client()</a> </p> </div> <br /> <table border="0" width="90%" id="navbarbottom"> <tr> <td align="left" width="33%"> <a href="voauth.html" title="OAuth Support">Previous</a> <br />OAuth Support</td> <td align="center" width="34%"> <a href="webservices.html">Chapter Contents</a> </td> <td align="right" width="33%"> <a href="ws-routing.html" title="Web Services Routing Protocol (WS-Routing)">Next</a> <br />Web Services Routing Protocol (WS-Routing)</td> </tr> </table> </div> <div id="footer"> <div>Copyright© 1999 - 2009 OpenLink Software All rights reserved.</div> <div id="validation"> <a href="http://validator.w3.org/check/referer"> <img src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0!" height="31" width="88" /> </a> <a href="http://jigsaw.w3.org/css-validator/"> <img src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" height="31" width="88" /> </a> </div> </div> </body> </html>