Integration Server 10.3 | Web Services Developer’s Guide | Securing Web Services (WS-Security) | WS-Security and the SOAP Message Header
 
WS-Security and the SOAP Message Header
The security information for a SOAP message is contained in an optional header component that follows the SOAP envelope. Its XML semantics and syntax are based on WS-Security design standards and recommendations for authentication components such as signing, encryption, use of authentication tokens, and security timestamps.
The security options of an outbound/inbound message pair often share a dependency. For example, if an outbound message is signed by a web service, the web service receiving the signed message must define the security parameters of an inbound message so that it can address (for example, verify) signed messages.