Simple Object Access Protocol (SOAP) is a protocol for sending messages between computer systems on a network. Messages are placed in an Extensible Markup Language (XML) format and transmitted via the Hypertext Transfer Protocol (http). Since XML and http are commonly available on many computing systems, SOAP offers a convenient means for communication, even among computers operating under different platforms.
A typical SOAP message might consist of a SOAP envelope that is made up of a SOAP header and a SOAP body. The body typically contains the message itself while the header might contain metadata about the message, such as security information. When secure communication is desired between a client and a server on a network, the necessary security information can be included in the SOAP security header.
The Organization for Advancement of Structured Information Standards (OASIS) Web Services Security: SOAP Message Security specification, which is hereby incorporated herein by reference for all purposes, hereinafter referred to as the WSS specification, describes enhancements to SOAP messaging to provide for message security. Among the security profiles supported by the WSS specification are username/password tokens, X.509 certificates, Kerberos tickets, SAML assertions, XrML documents, and XCBF documents, all of which are hereby incorporated herein by reference for all purposes.