
SOAP Message Level Authentication

For SOAP message level authentication, the WS authentication information is transferred in the SOAP message header using token profiles. This approach places authentication at the SOAP level and thereby enables the customization of authentication and SSO to fit the specific security requirements for Web services.

The mechanisms for SOAP message level authentication and SSO that SAP NetWeaver enables are based on the WS Security standard. The WS Security standard defines the XML syntax for including authentication information in the SOAP headers and enables security interoperability between WS-enabled systems based on different underlying programming languages.

Security Considerations

SOAP message level authentication enables you to use end-to-end authentication that is adapted to the security needs for WS communication. SAP NetWeaver enables you to use several types of WS authentication mechanisms at the document level, as well as strong WS Security-based message authentication options such as XML signatures, XML encryption, SOAP Message Aging and fault reporting.

Message level authentication is customized to the specific security requirements for Web services, which require protection of only some of the security aspects in the Web service authentication and SSO process. For example, by using XML signatures, you can allow WS intermediaries to access the SOAP message while ensuring its integrity, that is, that the message is not modified while in transit.

Message level authentication alone does not provide a complete point-to-point solution to protect the overall security of WS interactions between systems. The reliance of SOAP messages on the lower level HTTP communication protocol, however, enables you to complement the SOAP level security with security solutions at the HTTP transport level. For example, you can use HTTPS as a protected communication channel using the SSL security layer for transport level security.

More Information: Using Message Level Authentication  
