What kind of security does SOAP implement?

Because SOAP is a wire protocol, it does not implement security itself. However, SOAP can use the HTTP protocol, which potentially lets you employ application-level security coupled with secure sockets or HTTPS. SOAP also mandates the use of the SOAPAction HTTP header field, which allows your firewall (or equivalent technology) to filter SOAP method invocations or to deny SOAP processing entirely. The firewall examines the SOAPAction header and filters the SOAP packet based on the object name, the particular method (remotable or not), or a combination of the two.
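
The SOAPAction filtering described above can be sketched as follows. This is an added example, not code from the book. It assumes header values of the form "object-uri#method"; the policy table, URNs and sample requests are constructed for illustration.

```python
# Added example: allow/deny an HTTP request from its SOAPAction header.
# Assumption: header values look like "<object-uri>#<method>".

# Constructed policy: object URI -> permitted methods ("*" = any method).
POLICY = {
    "urn:example:StockQuote": {"GetLastTradePrice"},
    "urn:example:Catalog": {"*"},
}


def soapaction_values(raw_request):
    """Return every SOAPAction header value found in the request head."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "soapaction":
            values.append(value.strip())
    return values


def decide(raw_request, deny_all_soap=False):
    """Return 'pass' (no SOAPAction header), 'allow' or 'deny'."""
    values = soapaction_values(raw_request)
    if not values:
        return "pass"   # not a SOAP invocation; other rules apply
    if deny_all_soap or len(values) != 1:
        return "deny"   # SOAP disabled, or ambiguous duplicate headers
    value = values[0]
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]  # the URI is normally sent quoted
    obj, sep, method = value.partition("#")
    if not (sep and obj and method):
        return "deny"   # cannot identify object and method: fail closed
    allowed = POLICY.get(obj, set())
    return "allow" if "*" in allowed or method in allowed else "deny"


def request(action_header):
    """Build a constructed sample request (not captured traffic)."""
    return ("POST /soap HTTP/1.1\r\nHost: example.test\r\n"
            "Content-Type: text/xml\r\n" + action_header + "\r\n<Envelope/>")


if __name__ == "__main__":
    for hdr in ('SOAPAction: "urn:example:StockQuote#GetLastTradePrice"\r\n',
                'SOAPAction: "urn:example:StockQuote#SetPrice"\r\n', ""):
        print(repr(hdr), "->", decide(request(hdr)))
```

The header is supplied by the client, so a filter like this is a coarse first gate: the SOAP processor still has to authorize the call actually named in the message body.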

Source: This FAQ is excerpted from Understanding SOAP by Kennard Scribner and Mark C. Stiver (2000, Sams, ISBN 0672319225). Refer to this book for more detailed information on SOAP.

