With authentication at SOAP message level, the WS authentication data is transported with token profiles in the SOAP message header. With this approach, the authentication takes place at SOAP level, which allows the customizing of authentication and Single Sign-On (SSO) to meet the specific security requirements for Web services.
The mechanisms supported by SAP NetWeaver for authentication at SOAP message level and SSO are based ont he WS-Security standard. The WS-Security standard describes the standard XML syntax with which authenticaiton data is included in the SOAP header, and allows the interoperability of security between WS-supported systems that are based on different programming languages.
With authentication at SOAP message level, you can use end-to-end authentication that is adjusted to the security requirements of the WS communication. With SAP NetWeaver, you can use multiple types of WS authentication mechanisms at document level and strong message authentication options based on WS-Security, such as XML signatures, XML encryption, SOAP message age, and error reports.
Authentication at message level is customized to the specific security requirements for Web services, which only require the protection of some of the security aspects during the authentication and SSO process. The use of XML signatures allows you, for example, to permit access to SOAP messages for intermediary WS systems and therefore to ensure integrity, that is, to ensure that the message is not modified during its transfer.
Authentication at message level on its own does not offer a point-to-point solution to protect the overall security of the WS interactions between systems. However, the reliability of SOAP messages at the lower level of the HTTP connection protocol allows you to extend the security at SOAP level with security solutions at HTTP transport level. You can, for example, use HTTPS as a protected connection channel that uses the SSL security level for transport level security.