7.5.7 <SecurityToken>

Specifies the security token that is supported for authentication or digital signatures, depending on the parent element.

If this element is defined in the <Identity> parent element, then is specifies that a client application, when invoking the Web Service, must attach a security token to the SOAP request. For example, a Web Service might require that the client application present a Username token for the Web Service to be able to access Tuxedo service. If this element is part of <Integrity>, then it specifies the token used for digital signature.

The specific type of the security token is determined by the value of its TokenType attribute, as well as its parent element.

Table 7-6 SecurityToken Attributes

Attribute	Description	Required
IncludeInMessage	Specifies whether to include the token in the SOAP message. Valid values are true or false. The default value of this attribute is true when used in the <Integrity> assertion. The value of this attribute is always true when used in the <Identity> assertion, even if you explicitly set it to false.	No
TokenType	Specifies the type of security token. Valid values are: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 (To specify a binary X.509 v3 token) http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken (To specify a username token)	Yes