What to sign when signing a message with ws-security

Posted by Heavy Bytes on Stack Overflow See other posts from Stack Overflow or by Heavy Bytes
Published on 2010-05-25T20:35:03Z Indexed on 2010/05/25 23:31 UTC
Read the original article Hit count: 493

I am adding security to my web service and chose to sign the Timestamp and Token.

While reading docs I found a lot of examples where they sign the Body of the SOAP message.

My question is: what is best to sign?

From what I understand signing the Body could lead to performance issues if the Body is pretty large.

Thanks.

© Stack Overflow or respective owner

Related posts about java

Related posts about .NET