In Web Services Enhancements (WSE) 2.0, one could exercise some control over which XML elements or fragments to encrypt within a soap:Body. Therefore, if I wanted to encrypt only the account string in my credit card type, I could do something like this:
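[At your Service Side]
Public Class SecuredCreditCard
    'Appears on the calling-side proxy below as CreditCardType / CreditCardAccount
    Public Type As String
    Public Account As SecuredString
End Class

Public Class SecuredString
    'Set the Oasis Id that our security reference will point to
    Public ID As String
    'The string whose content gets encrypted
    Public Data As String
End Class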
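[At your Calling side]
Imports Microsoft.Web.Services2
Imports Microsoft.Web.Services2.Security

Dim a As localhost.IndexWse = New localhost.IndexWse
Dim b As localhost.SecuredCreditCard = New localhost.SecuredCreditCard
Dim z As localhost.SecuredString = New localhost.SecuredString
Dim c As SoapContext = a.RequestSoapContext
b.CreditCardType = "VISA"
z.Id = "uri:demoId.softwaremaker.net" 'or some guid
z.Value = "123-456-789"
b.CreditCardAccount = z
'tok is the security token used for encryption (its creation is not shown here).
'The reference is "#" followed by the Id set on z above; only that element is encrypted.
c.Security.Elements.Add(New EncryptedData(tok, "#uri:demoId.softwaremaker.net"))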
Note: To reduce headache-inducing typo bugs, you may want to use some WSE Constants such as
The end result is a soap:Body that looks like this on the wire:
<CreditCardAccount d4p1:Id="uri:demoId.softwaremaker.net" xmlns:d4p1=".../2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <xenc:EncryptedData Id="EncryptedContent-3d793117-f020-4236-a0a0-0ed545d9bf1a" Type=".../2001/04/xmlenc#Content" xmlns:xenc=".../2001/04/xmlenc#">
    <xenc:EncryptionMethod Algorithm=".../2001/04/xmlenc#aes128-cbc" />
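A check for wire output like the fragment above, added here as an example and not part of the original post: it parses a SOAP envelope and reports whether each element that is supposed to be encrypted carries nothing but an xenc:EncryptedData of Type #Content. The envelope, the Pay and card element names and the cipher value are constructed for illustration; the namespace URIs are the standard SOAP 1.1, XML Encryption and WS-Security utility ones.

```python
import xml.etree.ElementTree as ET

# Standard namespace URIs (the post abbreviates them with "...").
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
XENC = "http://www.w3.org/2001/04/xmlenc#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
ENC_DATA = f"{{{XENC}}}EncryptedData"
CIPHER_VALUE = f"{{{XENC}}}CipherData/{{{XENC}}}CipherValue"

def classify(elem):
    """'encrypted' only if the element's sole content is one xenc:EncryptedData
    of Type ...#Content with a non-empty CipherValue; else 'plaintext' or 'mixed'."""
    children = list(elem)
    enc = [c for c in children if c.tag == ENC_DATA]
    if not enc:
        return "plaintext"
    stray = (elem.text or "").strip() or any((c.tail or "").strip() for c in children)
    cipher = enc[0].findtext(CIPHER_VALUE, default="").strip()
    ok_type = enc[0].get("Type", "").endswith("#Content")
    if len(children) == 1 and not stray and cipher and ok_type:
        return "encrypted"
    return "mixed"

def audit_body(envelope_xml, must_encrypt):
    """Map each element name in must_encrypt to encrypted/plaintext/mixed/missing."""
    body = ET.fromstring(envelope_xml).find(f"{{{SOAP}}}Body")
    result = {name: "missing" for name in must_encrypt}
    for elem in (body.iter() if body is not None else ()):
        name = elem.tag.rsplit("}", 1)[-1]          # drop the "{namespace}" prefix
        if result.get(name) in ("missing", "encrypted"):  # a failure status sticks
            result[name] = classify(elem)
    return result

# Constructed sample envelope; Pay and card are hypothetical wrapper elements.
def sample(inner):
    return f"""<soap:Envelope xmlns:soap="{SOAP}"><soap:Body>
<Pay><card><CreditCardType>VISA</CreditCardType>
<CreditCardAccount wsu:Id="uri:demoId.softwaremaker.net" xmlns:wsu="{WSU}">{inner}</CreditCardAccount>
</card></Pay></soap:Body></soap:Envelope>"""

ENC = (f'<xenc:EncryptedData xmlns:xenc="{XENC}" Type="{XENC}Content"><xenc:CipherData>'
       '<xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>')
ENCRYPTED = sample(ENC)            # account content replaced by EncryptedData
LEAKED = sample("123-456-789")     # account sent in the clear

if __name__ == "__main__":
    print(audit_body(ENCRYPTED, ["CreditCardAccount"]))
    print(audit_body(LEAKED, ["CreditCardAccount"]))
```
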
While I don't know how much of a performance benefit this has over having the entire SecuredCreditCard encrypted (since it is a symmetric-key encryption at its core), I think that in terms of latency and throughput it does offer some benefits, especially with a sizable payload (>20-30 KB, for instance?).
Windows Communication Foundation (WCF, previously Indigo) does not have that feature built in at the moment (the Sept05 CTP, also known as the PDC bits). In other words, in WCF today, you encrypt the entire contents of the soap:Body, lock, stock and barrel. I would still love that WSE feature in there: to be able to exercise finer-grained control over what I want to encrypt, or not, within a soap:Body.
I would really like to find out if I am the only odd one out there. Are there any users of that existing WSE feature who would love to see the same in WCF, or do you have other, better ideas? Leave a comment or email me via the contact link on the side. Thank you.
BTW: Whether you encrypt certain elements of the contents or the entire contents of the soap:Body, both are compliant with the WS-Security specifications.