XML token
XML tokens are offered in two well-known formats called Security Assertion Markup Language (SAML) and eXtensible rights Markup Language (XrML).
In WebSphere® Application
Server Versions
6 and later, you can plug in your own implementation. By using
extensibility of the <wsse:Security>
header
in XML-based security tokens, you can directly insert these security
tokens into the header. SAML assertions are attached to Web Services
Security messages using web services by placing assertion elements
inside the <wsse:Security>
header. The following
example illustrates a Web Services Security message with a SAML assertion
token.
<S:Envelope xmlns:S="...">
<S:Header>
<wsse:Security xmlns:wsse="...">
<saml:Assertion
MajorVersion="1"
MinorVersion="0"
AssertionID="SecurityToken-ef375268"
Issuer="elliotw1"
IssueInstant="2002-07-23T11:32:05.6228146-07:00"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
...
</saml:Assertion>
</wsse:Security>
</S:Header>
<S:Body>
...
</S:Body>
</S:Envelope>
For a complete list of the supported standards and specifications, read about web services specifications and APIs.