Why Encrypt SOAP messages?- The main purpose of SOAP is to exchange messages over HTTP. For communication it uses XML. The messages exchanged if done in plain text can be potentially viewed by anyone across the internet. SOAP over HTTPS is secured. The entire HTTP message, including both the headers and the body of the HTTP message is encrypted using public asymmetric encryption algorithms.
- A SOAP response message has unencrypted data which can be accessed by prying eyes that could access as the message that is transmitted over the wire. By using SOAP parameter encryption class, specific parts of the SOAP message could be encrypted for protecting information at the time of transferring from the web service to the client.
|