Simple Object Access Protocol

(SOAP)
by Kazi Huque

Presentation Outline

Definition
Motivation
Characteristics
SOAP message format
SOAP in code
SOAP Security
SOAP in action
2

What is SOAP?

SOAP is a lightweight protocol intended for

exchanging structured information in a
decentralized, distributed environment. SOAP
uses XML technologies to define an extensible
messaging framework, which provides a message
construct that can be exchanged over a variety of
underlying protocols. The framework has been
designed to be independent of any particular
programming model and other implementationspecific semantics.
3

SOAP is the Foundation

WS-Secure
Conversation

WS-Policy

WS-Federation WS-Authorization
WS-Trust

WS-Privacy

WS-Security
SOAP
4

Simply Put...

SOAP is a way for a program running in

one operating system to communicate with
a program running in either the same or a
different operating system, using HTTP (or
any other transport protocol) and XML.

SOAP Messaging Framework

XML-based messaging framework that is

1) extensible
2) interoperable
3) independent

Next we discuss these three characteristics

in more detail

Extensible

Simplicity remains one of SOAP's primary

design goals
SOAP defines a communication
framework that allows for features such as
security, routing, and reliability to be
added later as layered extensions

Interoperable

SOAP can be used over any transport

protocol such as TCP, HTTP, SMTP
SOAP provides an explicit binding today
for HTTP

Interoperable Cont

Independent

SOAP allows for any programming model

and is not tied to RPC
SOAP defines a model for processing
individual, one-way messages
SOAP also allows for any number of
message exchange patterns (MEPs)

10

One-Way Message

11

Request/Response

12

SOAP Message Format

SOAP message consists of three parts:

SOAP Envelope

SOAP Header (optional)

SOAP Body

From the http://schemas.xmlsoap.org/soap/envelope/

namespace
13

SOAP Envelope

The SOAP Envelope construct defines an

overall framework for expressing what is
in a message and who should deal with it.

14

SOAP Envelope Cont

The Envelope is the top element of the

XML document representing the message.

The Envelope element is always the root

element of a SOAP message.
The Envelope element contains an optional
Header element followed by a mandatory
Body element.

15

SOAP Envelope Code

<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header> <!-- optional -->
<!-- header blocks go here... -->
</soap:Header>
<soap:Body>
<!-- payload or Fault element goes here... -->
</soap:Body>
</soap:Envelope>
16

SOAP Header

The Header element is a generic container

for control information
It may contain any number of elements
from any namespace
Header blocks should contain information
that influences payload processing
Header is optional
17

SOAP Header Code

<soap:Header>
<!-- security credentials -->
<s:credentials xmlns:s="urn:examples-org:security">
<username>dave</username>
<password>evad</password>
</s:credentials>
</soap:Header>

18

SOAP Body

The Body element represents the message

payload

19

SOAP Body Code

<soap:Body>
<x:TransferFunds xmlns:x="urn:examples-org:banking">
<from>22-342439</from>
<to>98-283843</to>
<amount>100.00</amount>
</x:TransferFunds>
</soap:Body>

20

SOAP in Code
SOAP Message Embedded in HTTP Request:
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
SOAPENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<m:GetLastTradePrice xmlns:m="Some-URI">
<symbol>DIS</symbol>
</m:GetLastTradePrice>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

21

SOAP in Code Cont

SOAP Message Embedded in HTTP Response:
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>
<SOAP-ENV:Body>
<m:GetLastTradePriceResponse xmlns:m="Some-URI">
<Price>34.5</Price>
</m:GetLastTradePriceResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

22

SOAP Security

The SOAP specification does not define

encryption for XML Web Services.
This is left up to the implementer of the
SOAP protocol.

23

Issues About Security

Encryption places a dependency on the

transport protocol
Does the transport protocol support secure
communication?
What is the cost of encrypting all the data
versus part of the data?

24

SOAP Code with Encryption

<%@ WebService Language="C#" Class="CreditCardService" %>
using System.Web.Services;
public class CreditCardService {
[WebMethod]
[EncryptionExtension(Encrypt=EncryptMode.Response)]
public string GetCreditCardNumber() {
return "MC: 4111-1111-1111-1111";
}
}
25

Request Encrypted
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<GetCreditCardNumber xmlns="http://tempuri.org/" />
</soap:Body>
</soap:Envelope>

26

Response Encrypted
<soap:Body>
<GetCreditCardNumber xmlns="http://tempuri.org/">
<GetCreditCardNumberResult>83 151 243 32 53 95 86 13 190 134
188 241 198 209 72 114 122 38 180 34 194 138 16 97 221 195 239 86 26
152 94 27
</GetCreditCardNumberResult>
</GetCreditCardNumber>
</soap:Body>

27

SOAP in Action
Demo

28

References

Understanding SOAP
Overall explanation of what SOAP is, and what it can do.
http://msdn.microsoft.com/webservices/understanding/webservicebasics/default.aspx?pull
=/library/en-us//dnsoap/html/understandsoap.asp

W3C Note
Explains how SOAP exchanges messages. Code level
details.
http://www.w3.org/TR/2000/NOTE-SOAP-20000508/

29