Authentication of the sender of a SOAP message. Authentication ensures that the recipient of a SOAP message is sure of the sender’s identity. You can use WS-SecurityPolicy assertions to authenticate the sender using:

Basic authentication using the sender’s username and password for identification.

X.509 certificate authentication using the sender’s X.509 certificate for identification.

SAML authentication using the sender’s SAML assertion for identification.

Kerberos authentication using the sender’s Kerberos ticket for identification.

Integrity of web service SOAP message content. The sender of a message can sign all or parts of the message. The recipient then verifies the signature to ensure the integrity of the message content. Signing a message involves encrypting a message digest with the sender’s private key. To verify a signed message, the recipient uses the public key that corresponds to the sender’s private key.

Confidentiality of the SOAP message. The sender of a message can encrypt the message so that only the intended recipient can read the message. The sender encrypts the message using the recipient’s public key. The recipient can then decrypt the message using its private key.

Protection against replay attacks. The sender can place a creation and expiration timestamp in the SOAP message header. The recipient checks the timestamp and can invalidate messages that arrive after the expiration time.