<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head profile="http://internetalchemy.org/2003/02/profile">
<link rel="foaf" type="application/rdf+xml" title="FOAF" href="http://www.openlinksw.com/dataspace/uda/about.rdf" />
<link rel="schema.dc" href="http://purl.org/dc/elements/1.1/" />
<meta name="dc.title" content="15. Web Services" />
<meta name="dc.subject" content="15. Web Services" />
<meta name="dc.creator" content="OpenLink Software Documentation Team ; " />
<meta name="dc.copyright" content="OpenLink Software, 1999 - 2009" />
<link rel="top" href="index.html" title="OpenLink Virtuoso Universal Server: Documentation" />
<link rel="search" href="/doc/adv_search.vspx" title="Search OpenLink Virtuoso Universal Server: Documentation" />
<link rel="parent" href="webservices.html" title="Chapter Contents" />
<link rel="prev" href="voauth.html" title="OAuth Support" />
<link rel="next" href="ws-routing.html" title="Web Services Routing Protocol (WS-Routing)" />
<link rel="shortcut icon" href="../images/misc/favicon.ico" type="image/x-icon" />
<link rel="stylesheet" type="text/css" href="doc.css" />
<link rel="stylesheet" type="text/css" href="/doc/translation.css" />
<title>15. Web Services</title>
<meta http-equiv="Content-Type" content="text/xhtml; charset=UTF-8" />
<meta name="author" content="OpenLink Software Documentation Team ; " />
<meta name="copyright" content="OpenLink Software, 1999 - 2009" />
<meta name="keywords" content="" />
<meta name="GENERATOR" content="OpenLink XSLT Team" />
</head>
<body>
<div id="header">
<a name="vwsssupport" />
<img src="../images/misc/logo.jpg" alt="" />
<h1>15. Web Services</h1>
</div>
<div id="navbartop">
<div>
<a class="link" href="webservices.html">Chapter Contents</a> | <a class="link" href="voauth.html" title="OAuth Support">Prev</a> | <a class="link" href="ws-routing.html" title="Web Services Routing Protocol (WS-Routing)">Next</a>
</div>
</div>
<div id="currenttoc">
<form method="post" action="/doc/adv_search.vspx">
<div class="search">Keyword Search: <br />
<input type="text" name="q" /> <input type="submit" name="go" value="Go" />
</div>
</form>
<div>
<a href="http://www.openlinksw.com/">www.openlinksw.com</a>
</div>
<div>
<a href="http://docs.openlinksw.com/">docs.openlinksw.com</a>
</div>
<br />
<div>
<a href="index.html">Book Home</a>
</div>
<br />
<div>
<a href="contents.html">Contents</a>
</div>
<div>
<a href="preface.html">Preface</a>
</div>
<br />
<div class="selected">
<a href="webservices.html">Web Services</a>
</div>
<br />
<div>
<a href="soap.html">SOAP</a>
</div>
<div>
<a href="wsdl.html">WSDL</a>
</div>
<div>
<a href="vfoafssl.html">WebID Protocol Support</a>
</div>
<div>
<a href="voauth.html">OAuth Support</a>
</div>
<div class="selected">
<a href="vwsssupport.html">WS-Security (WSS) Support in Virtuoso SOAP Server</a>
<div>
<a href="#vwsssrvclisidecerts" title="Client and Server side Certificates & Keys">Client and Server side Certificates & Keys</a>
<a href="#vwsssoapendpoint" title="SOAP Server WS-Security Endpoint">SOAP Server WS-Security Endpoint</a>
<a href="#vwssvdsoapopt" title="Virtual Directory SOAP WSS Options">Virtual Directory SOAP WSS Options</a>
<a href="#vwssaccounting" title="Accounting & Accounting Hook">Accounting & Accounting Hook</a>
<a href="#vwsssectemplates" title="Signature Templates">Signature Templates</a>
<a href="#vwsssoapclient" title="SOAP Client">SOAP Client</a>
</div>
</div>
<div>
<a href="ws-routing.html">Web Services Routing Protocol (WS-Routing)</a>
</div>
<div>
<a href="warm.html">Web Services Reliable Messaging Protocol (WS-ReliableMessaging)</a>
</div>
<div>
<a href="vwstrust.html">Web Services Trust Protocol (WS-Trust)</a>
</div>
<div>
<a href="xmlxmla.html">XML for Analysis Provider</a>
</div>
<div>
<a href="xmlrpc.html">XML-RPC support</a>
</div>
<div>
<a href="syncml.html">SyncML</a>
</div>
<div>
<a href="uddi.html">UDDI</a>
</div>
<div>
<a href="expwsmodules.html">Exposing Persistent Stored Modules as Web Services</a>
</div>
<div>
<a href="vsmx.html">Testing Web Published Web Services</a>
</div>
<div>
<a href="bpel.html">BPEL Reference</a>
</div>
<div>
<a href="xsql.html">XSQL</a>
</div>
<br />
</div>
<div id="text">
<a name="vwsssupport" />
<h2>15.5. WS-Security (WSS) Support in Virtuoso SOAP Server</h2>
<p>The following terms are used in this section in the following meanings:</p>
<ul>
<li>
<div class="formalpara">
<strong>encryption</strong>
<p>The process of making data unreadable using some secret (see 'key')</p>
</div>
</li>
<li>
<div class="formalpara">
<strong>decryption</strong>
<p>The opposite of encryption</p>
</div>
</li>
<li>
<div class="formalpara">
<strong>signature</strong>
<p>A sequence of binary codes that is calculated based on the original data
and a key to secure the content from undetected change.</p>
</div>
</li>
<li>
<div class="formalpara">
<strong>key</strong>
<p>A secret, depending on the type can be symmetric or asymmetric.</p>
</div>
<p>Typical symmetric keys are passwords. Symmetric keys are by their
nature more at risk of being compromised if the secret key is stolen. Symmetric
keys are usually used to encrypt large amounts of data as they are very fast.</p>
<p>Asymmetric keys are more secure and their structure is more complicated.
Asymmetric keys generally consist of a private and public key pair. The owner
of the key can sign data to be verified by recipient with public key. A
correspondent can encrypt the data using public key to be decrypted by private
key owner. Asymmetric keys are used to sign data, or encrypt small amounts of
data as they are slower to process than symmetric ones.</p>
</li>
<li>
<div class="formalpara">
<strong>certificate</strong>
<p>This is a structure of secure data, which identifies a certificate owner.
This is similar to having a user-name and password but more secure. A
'certificate' can be associated with a document as an alias of the X.509
certificate. Certificates are issued by a third-party, not the owner or
recipient in the verification path, namely the Certificate Authority (CA).
The CA's function is to guarantee that a receiver can trust data accompanied
by a particular certificate. Certificates will contain a public key, but
never the private key. These must be distinguished from certificates that
are exported together with their private key in PKCS#12 format, these are
different things.</p>
</div>
</li>
<li>
<div class="formalpara">
<strong>user account space</strong>
<p>This is a data area where a user can store private data.
Only ODBC sessions and web page processing code which runs on behalf of a
certain SQL user account has access to this area. This is useful for caching
private security related information such as keys or certificates.</p>
</div>
</li>
<li>
<div class="formalpara">
<strong>key reference</strong>
<p>A short hand for a key, sometime called a 'key name'. This is a string
to uniquely identify a key in a user account space. </p>
</div>
</li>
<li>
<div class="formalpara">
<strong>key instance</strong>
<p>An entity representing a key in PL, this is a not the key per se.
The key instance is used in encryption or decryption routines.</p>
</div>
</li>
</ul>
<p>The following algorithms are supported:</p>
<ul>
<li>RSA (http://www.w3.org/2001/04/xmlenc#rsa-1_5)</li>
<li>DSA (http://www.w3.org/2001/04/xmlenc#dsa)</li>
<li>triple DES (http://www.w3.org/2001/04/xmlenc#tripledes-cbc)</li>
<li>AES128 (http://www.w3.org/2001/04/xmlenc#aes128-cbc)</li>
<li>AES192 (http://www.w3.org/2001/04/xmlenc#aes192-cbc)</li>
<li>AES256 (http://www.w3.org/2001/04/xmlenc#aes256-cbc)</li>
</ul>
<p>Digest algorithms:</p>
<ul>
<li>SHA1 (http://www.w3.org/2000/09/xmldsig#sha1)</li>
</ul>
<p>Signing algorithms: </p>
<ul>
<li>RSA-SHA1 (http://www.w3.org/2000/09/xmldsig#rsa-sha1)</li>
<li>DSA-SHA1 (http://www.w3.org/2000/09/xmldsig#dsa-sha1)</li>
</ul>
<p>Canonicalization algorithms with comments:</p>
<ul>
<li>(http://www.w3.org/TR/2001/REC-xml-c14n-20010315)</li>
<li>(http://www.w3.org/TR/2001/REC-xml-c14n)</li>
</ul>
<p>The keys can be temporary or persistent keys. Temporary keys are loaded
only in memory an will be lost when the server is restarted. These are usually
used for making symmetric session keys. Persistent keys are kept on the
file-system or in the database and will be loaded upon server startup. These
are asymmetric keys, certificates that belong to the user.</p>
<p>The location where persistent keys are stored depends on the key reference.
If the key reference is a 'file:' URI, then the API's assume file-system storage,
otherwise they will be kept in the U_OPT column of the SYS_USERS table as a
serialized string. The API functions are described below. Whether keys are
stored on the file-system or within the database they will have an
in-memory representation which is used in crypto functions. The memory cache
of keys is contained in the user account space, hence no user can access or
reference another user's keys. Furthermore if a user account is removed all
associated keys will also be removed if they were stored in the database.
If the keys were on the file-system only the in-memory cache will be deleted.</p>
<a name="vwsssrvclisidecerts" />
<h3>15.5.1. Client and Server side Certificates & Keys</h3>
<p>Since XML encoding routines are executed on server-side, we cannot strictly
say that we have client and server certificates (as browser and HTTPS server).
To perform the encoding on behalf of a client or user account, the XML encoding
functions need to have the keys and certificates loaded in the memory cache of
the user. The same applies to server keys and certificates. Therefore we will
refer to these as client or server security tokens that are kept on server-side.
</p>
<div class="note">
<div class="notetitle">Note:</div>
<p>Uploading of keys and certificate must be done under
a secure SSL/TLS connection to minimize the risk of vulnerability. </p>
</div>
<a name="vwsskeydefpersist" />
<h4>15.5.1.1. Key Definition & Persistence</h4>
<p>
<a href="fn_xenc_key_3DES_rand_create.html">xenc_key_3DES_rand_create()</a>
</p>
<p>
<a href="fn_USER_KEY_LOAD.html">USER_KEY_LOAD()</a>
</p>
<br />
<a name="vwsskeyenc" />
<h4>15.5.1.2. Key Encryption</h4>
<p>To minimize the risk of non-authorized private key usage, keys are
usually kept encrypted with password. If a key or certificate containing a key
is loaded using a password, the API will assume it is an encrypted private key
and will be kept in that form. In other words encrypted keys are kept in
their encrypted form in memory, there will be no raw certificate or key data
if the encrypted form is used to import. Virtuoso will ask for passwords to
unlock persisted encrypted keys upon server restart. This is only possible
when the server is running in foreground mode. If the server is started as
background process and the key needs a password to decrypt and load,
an error will be logged in the virtuoso log file and that particular key will
not be loaded.</p>
<a name="vwsspasslog" />
<div class="example">
<div class="exampletitle">An example of a password prompt and log on success</div>
<div>
<pre class="screen">
Enter a password for key "wss.pfx":
13:14:04 PL LOG: XENC: Loaded : wss.pfx
</pre>
</div>
</div>
<br />
<a name="vwssreferencingkeys" />
<h4>15.5.1.3. Referencing Keys</h4>
<p>To make a run-time key instance, used for XML encryption functions,
and to perform server or client side the
<a href="fn_xenc_key_inst_create.html">xenc_key_inst_create (in key_name varchar[, super key inst])</a>
function can be used.</p>
<a name="vwssrefkeyex" />
<div class="example">
<div class="exampletitle">Example</div>
<div>
<pre class="programlisting">
create procedure
DB.DBA.WSDK_GET_KEY ()
{
-- this returns a instance of shared secret suitable for content encryption
return xenc_key_inst_create ('WSDK Sample Symmetric Key');
}
;
create procedure
DB.DBA.WS_SOAP_GET_KEY ()
{
declare superkey, keyinst any;
superkey := xenc_key_inst_create ('file:dsa.der'); -- already loaded asymmetric key (see above example)
-- this returns a session key , to be encrypted with a asymmetric one
keyinst := xenc_key_inst_create (xenc_key_3DES_rand_create (NULL), superkey);
return keyinst;
}
;
</pre>
</div>
</div>
<br />
<a name="vwsskeyremoval" />
<h4>15.5.1.4. Key Removal</h4>
<p>To delete a key, persistent or otherwise, the following function
is used:</p>
<p>
<a href="fn_xenc_key_remove.html">xenc_key_remove()</a>
</p>
<br />
<br />
<a name="vwsssoapendpoint" />
<h3>15.5.2. SOAP Server WS-Security Endpoint</h3>
<p>The WS-Security processing is performed by filtering incoming and
outgoing messages of the Virtuoso SOAP server. These filters are activated
when a special SOAP option is set on the current virtual directory that is
the SOAP endpoint. The WS-Security filters are invoked on input to
verify / decrypt the message. Upon success the message will be processed by
the SOAP server, otherwise a <span class="computeroutput">SOAP:Fault</span> will be
returned to the SOAP requester. On outgoing messages, depending of SOAP options,
messages produced by the SOAP server can be encoded and signed as well.
The administrator configures the WS Security subsystem at the access point
level. Different security schemes involving encryption and/or signature
can be selected.</p>
<p>The keys and certificates need to be defined in order to get a working
secure service. The key/certificate(s) for the SOAP endpoint that is WS-Security
enabled are referenced in a special PL hook and/or signature template. If
none of these (signature or key instance hook) are defined the response
will not be encrypted or signed.</p>
<p>Here are the steps involved in processing a message to a secure end point.</p>
<ol>
<li>
<p>SOAP server receives a message on a secure endpoint</p>
</li>
<li>
<p>The message is determined to be for this endpoint, otherwise will
be sent to the next SOAP router if routing is enabled. </p>
</li>
<li>
<p>The message (as is) is passed to the decoding routine. At this point
keys that are referenced in SOAP message need to be in the user space of
the SQL account on whose behalf SOAP accessible procedures of this end point
run. If any key does not exist in the user space, the requested processing will fail.</p>
<div class="note">
<div class="notetitle">Note:</div>
<p>Signatures can be verified in the following manners:</p>
<ul>
<li>never try signatures</li>
<li>expect signatures, explicit</li>
<li>try signature if exists</li>
</ul>
<p>This behavior depends on the "WSS-Validate-Signature" option
set for the virtual directory.</p>
</div>
</li>
<li>
<p>If step 3 completes without problem, security related headers
are stripped from the decoded message.</p>
</li>
<li>
<p>The result of point 4 is passed to the usual SOAP server for
processing.</p>
</li>
<li>
<p>Once a response is generated by the SOAP method (i.e.
corresponding PL procedure, exposed as SOAP method) the result will be encoded
and/or signed. This is the last step before the result is sent back to
the requestor client. At this point the server behavior is controlled by
a few options defined in the virtual directory. See below: "WSS-KEY",
"WSS-Template", and "WSS-Type" options.</p>
</li>
</ol>
<br />
<a name="vwssvdsoapopt" />
<h3>15.5.3. Virtual Directory SOAP WSS Options</h3>
<p>The following SOAP options are available for configuring a virtual
directory:</p>
<ul>
<li>
<div class="formalpara">
<strong>WS-SEC</strong>
<p>WS-Security processing is enabled on the endpoint, in practice this
enables the input and output message filters for Security Header processing.
This MUST be set to enable WS-Security endpoints. All other WS related options
will be ignored if this option is disabled. The possible values for this
option are "yes" or "no"</p>
</div>
</li>
<li>
<div class="formalpara">
<strong>WSS-KEY</strong>
<p>The name of a PL procedure that is expected to return a key instance.
Examples of this can be found in the
<a href="vwsssupport.html#vwssreferencingkeys">Referencing Keys</a> section. If this
NULL or undefined the SOAP server will not encrypt outgoing messages.
</p>
</div>
</li>
<li>
<div class="formalpara">
<strong>WSS-Template</strong>
<p>path and file name to a file containing a template - an instruction
for how to make the XML signature for the response message. For more
information see the <a href="vwsssupport.html#vwsssectemplates">Security Templates</a>
section. If this option is NULL or undefined the SOAP server will not sign
any outgoing messages from this endpoint. As an example, if the value
"sig.xml" was supplied to this option this would imply that the content of
template is stored in the file called sig.xml located in the servers working
directory. A default template can be used by setting this option to the
value <span class="computeroutput">[key reference for signing]</span> -
(note '[]' around name is required). In this case the server will generate
a default template based on a key, and produce a default rule for making a
signature.</p>
</div>
</li>
<li>
<div class="formalpara">
<strong>WSS-Validate-Signature</strong>
<p>This option controls how the SOAP server responds to incoming messages
i.e. how to verify the incoming message.</p>
</div>
<p>possible values are:</p>
<ul>
<li>
<strong>0</strong> do not verify signatures</li>
<li>
<strong>1</strong> expects signature to exist</li>
<li>
<strong>2</strong> will verify signature if exists</li>
</ul>
</li>
</ul>
<a name="vwssvirtdirexpl" />
<div class="example">
<div class="exampletitle">Configuring WS Secure Endpoints</div>
<div>
<pre class="programlisting">
-- definition of /SecureWebServices endpoint
VHOST_DEFINE (
lpath=>'/SecureWebServices', ppath=>'/SOAP/', soap_user=>'WSS',
soap_opts=>vector(
'Namespace','http://temp.uri/',
'MethodInSoapAction','yes',
'ServiceName', 'WSSecure',
'CR-escape', 'no',
'WS-SEC','yes',
'WSS-Validate-Signature', 2)
)
;</pre>
</div>
<p>this will define a WS-Security enabled endpoint that is compatible with
.NET WSDK examples. This endpoint will accept encrypted/or signed SOAP messages
and will generate an error if security checking fails. Upon success it will return
non-encrypted message. Therefore it's a one-way encryption example.</p>
<div>
<pre class="programlisting">
-- complex example
VHOST_DEFINE (
lpath=>'/wss', ppath=>'/SOAP/', soap_user=>'WSS',
soap_opts=>vector(
'Namespace','http://soapinterop.org/',
'MethodInSoapAction','no',
'ServiceName', 'WSSecure',
'HeaderNS', 'http://soapinterop.org/echoheader/',
'CR-escape', 'no',
'WS-SEC','yes',
'WSS-KEY','DB.DBA.WS_SOAP_GET_KEY',
'WSS-Template','wss_tmpl.xml',
'WSS-Validate-Signature', 1)
)
;</pre>
</div>
<p>This endpoint will expect signed and encrypted incoming messages and will
sign and encrypt outgoing messages too. This is a two-way encryption example,
for client to server and reverse.</p>
</div>
<br />
<a name="vwssaccounting" />
<h3>15.5.4. Accounting & Accounting Hook</h3>
<p>If an X.509 certificate is used to sign an incoming message, the
following connection variables will be available to the SOAP processing
function and accounting hook:</p>
<ul>
<li>
<strong>wss-token-owner</strong> owner of certificate, an example is "C=US/ST=MA/CN=User Name".</li>
<li>
<strong>wss-token-issuer</strong> issued by , it's like above , but it's name of who is issued the certificate.</li>
<li>
<strong>wss-token-serial</strong> serial number, an integer specific to certificate issuer.</li>
<li>
<strong>wss-token-start</strong> valid from, a string containing a data of validity.</li>
<li>
<strong>wss-token-end</strong> valid to, a string containing data of end of validity.</li>
</ul>
<p>These can be accessed by invoking connection_get([name-of-info]) when
processing the SOAP request, i.e. in the procedure being invoked or from a
user defined accounting hook.</p>
<p>A user defined procedure hook named DB.DBA.WS_SOAP_ACCOUNTING can be
used for accounting purposes. If it exists it will be invoked after the
connection information is set. This PL hook should return 0 when an error
occurs or 1 upon success. Hence, a SOAP request may be rejected based on
some custom condition. </p>
<p>The procedure prototype is :</p>
<div>
<pre class="programlisting">
create procedure DB.DBA.WS_SOAP_ACCOUNTING ()
{
-- custom logic
return 1; -- on success
return 0; -- on failure
}
;</pre>
</div>
<p>Note that the usage of this functionality is global to the Virtuoso
server, To get similar functionality for each SOAP method, the developer
will need to include account checking within the PL procedures that are
exposed as SOAP methods.</p>
<br />
<a name="vwsssectemplates" />
<h3>15.5.5. Signature Templates</h3>
<p>Signature templates are used to define how signatures are generated for
SOAP messages. They are XML files containing a structure of Signature elements
as per XML Signature standard. The DigestValue and SignatureValue elements
are empty, so they will be filled upon output. The most important element is
the KeyName element. This must contain a reference to an existing key from the
user account space. This key reference does not need to be the same as key
for data encryption, it can be a different key. Please note that XML encoding
routines will resolve the key automatically, so there is no need to specify
how the key instance will be obtained, hence no relation to "WSS-Key" from
SOAP options section (above).</p>
<a name="vwssdefaulttemplate" />
<h4>15.5.5.1. Default Template Generation</h4>
<p>The default template will create an XML Signature using the following
definitions:</p>
<p>a) have a simple template corresponding to a key reference
(and it's algorithm) as:</p>
<div>
<pre class="programlisting">
TEMP := <?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" >
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="[key algorithm]" />
</SignedInfo>
<SignatureValue></SignatureValue>
<KeyInfo>
<KeyName>[key reference]</KeyName>
</KeyInfo>
</Signature>'
</pre>
</div>
<p>b) generate references to template a), using the
<span class="computeroutput">dsig_template_ext()</span> function and BODY of
the SOAP request.</p>
<div>
<pre class="programlisting">
TEMPLATE := dsig_template_ext (xtree_doc (SOAP_BODY), TEMP,
'http://schemas.xmlsoap.org/soap/envelope/', 'Body',
'http://schemas.xmlsoap.org/rp', 'action',
'http://schemas.xmlsoap.org/rp', 'to',
'http://schemas.xmlsoap.org/rp', 'id',
'http://schemas.xmlsoap.org/ws/2002/07/utility', 'Created',
'http://schemas.xmlsoap.org/ws/2002/07/utility', 'Expires');
</pre>
</div>
<p>In other words, the 'Body' of the SOAP message, part of the routing
header elements ('action,'to','id') and, if it exists, Timestamp
headers ('Created', 'Expires').</p>
<a name="vwssusingdefaulttemplate" />
<div class="example">
<div class="exampletitle">Using default templates</div>
<p>This example demonstrates the use of the default template
mechanism and X.509 certificate with RSA key:</p>
<div>
<pre class="programlisting">
--------------- SOAP message
<SOAP:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"
xmlns:dt="urn:schemas-microsoft-com:datatypes">
<SOAP:Header />
<SOAP:Body Id="Id-2e7c29c7-8645-4ad8-af59-06bed179d2fb">
<AddInt xmlns="http://microsoft.com/wsdk/samples/SumService">
<a>3</a>
<b>4</b>
</AddInt>
</SOAP:Body>
</SOAP:Envelope>
--------------- Generated signature template
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#Id-2e7c29c7-8645-4ad8-af59-06bed179d2fb">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue></ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue></ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-24c152e3-26e0-d611-bb59-90b4c67d3be5"></wsse:Reference>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</pre>
</div>
<p>Now, an example of a user defined template:</p>
<div>
<pre class="programlisting">
<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue></SignatureValue>
<KeyInfo>
<KeyName>file:dsa.der</KeyName>
</KeyInfo>
</Signature>
</pre>
</div>
</div>
<br />
<br />
<a name="vwsssoapclient" />
<h3>15.5.6. SOAP Client</h3>
<p>The <span class="computeroutput">soap_client()</span> function is used to make soap
requests. Upon success it will return an array containing the XML tree of
the result. However, it can return more complex results when the debug parameter
is enabled, in which case it can return the request and the response messages
as well. Some of the parameters are optional, not all are required and they can
be named.</p>
<div class="tip">
<div class="tiptitle">See Also:</div>
<p>
<a href="fn_soap_client.html">
soap_client()</a>
</p>
</div>
<br />
<table border="0" width="90%" id="navbarbottom">
<tr>
<td align="left" width="33%">
<a href="voauth.html" title="OAuth Support">Previous</a>
<br />OAuth Support</td>
<td align="center" width="34%">
<a href="webservices.html">Chapter Contents</a>
</td>
<td align="right" width="33%">
<a href="ws-routing.html" title="Web Services Routing Protocol (WS-Routing)">Next</a>
<br />Web Services Routing Protocol (WS-Routing)</td>
</tr>
</table>
</div>
<div id="footer">
<div>Copyright© 1999 - 2009 OpenLink Software All rights reserved.</div>
<div id="validation">
<a href="http://validator.w3.org/check/referer">
<img src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0!" height="31" width="88" />
</a>
<a href="http://jigsaw.w3.org/css-validator/">
<img src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" height="31" width="88" />
</a>
</div>
</div>
</body>
</html>
distrib
>
Fedora
>
14
>
x86_64
>
media
>
updates
>
by-pkgid
>
71d40963b505df4524269198e237b3e3
>
files
>
988
