(001) <?xml version="1.0" encoding="utf-8"?>
(002)  <S:Envelope xmlns:S="http://www.w3.org/2001/12/soap-envelope"
            xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
(003)    <S:Header>
(004)       <m:path xmlns:m="http://schemas.xmlsoap.org/rp/">
(005)         <m:action>http://fabrikam123.com/getQuote</m:action>
(006)         <m:to>http://fabrikam123.com/stocks</m:to>
(007)          <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
(008)       </m:path>
(009)       <wsse:Security
             xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
(010)         wsse:UsernameToken Id="MyID">
(011)             <wsse:Username>Zoe</wsse:Username>
(012)         </wsse:UsernameToken>
(013)         <ds:Signature>
(014)            <ds:SignedInfo>
(015)               <ds:CanonicalizationMethod
                   Algorithm=
                          "http://www.w3.org/2001/10/xml-exc-c14n#"/>
(016)               <ds:SignatureMethod
                        Algorithm=
                        "http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
(017)               <ds:Reference URI="#MsgBody">
(018)                  <ds:DigestMethod
                          Algorithm=
                        "http://www.w3.org/2000/09/xmldsig#sha1"/>
(019)                  <ds:DigestValue>LyLsF0Pi4wPU...</ds:DigestValue>
(020)               </ds:Reference>
(021)            </ds:SignedInfo>
(022)            <ds:SignatureValue>DJbchm5gK...</ds:SignatureValue>
(023)            <ds:KeyInfo>
(024)                <wsse:SecurityTokenReference>
(025)                 <wsse:Reference URI="#MyID"/>
(026)                </wsse:SecurityTokenReference>
(027)            </ds:KeyInfo>
(028)         </ds:Signature>
(029)      </wsse:Security>
(030)   </S:Header>
(031)   <S:Body Id="MsgBody">
(032)     <tru:StockSymbol xmlns:tru="http://fabrikam123.com/payloads">
              QQQ
          </tru:StockSymbol>
(033)   </S:Body>
(034) </S:Envelope>

The lines in the example that illustrate WS-Security enhancements are:

• Line (009). This specifies a <Security> header that contains security information for an intended receiver. This element continues until line (029).
• Lines (010) to (012). These lines specify a security token that is associated with the message. In this case, it defines the username of the client using the <UsernameToken> element. The security token can also be used to specify a password. However in this example it's assumed that the receiver knows the password - in other words, it is a shared secret.
• Lines (013) to (028) specify a digital signature. This signature ensures the integrity of the signed elements (that they aren't modified). The signature follows the XML Signature specification. In this example, the signature is based on a key generated from the user's password. Typically, stronger signing mechanisms would be used.
• Lines (014) to (021) describe the digital signature. Line (015) specifies how to canonicalize (normalize) the data that is being signed.
• Lines (017) to (020) select the elements that are signed. Specifically, line (017) indicates that the <S:Body> element is signed. In this example, only the message body is signed. Typically, additional elements of the message, such as parts of the routing header, should be included in the signature.
• Line (022) specifies the signature value of the canonicalized form of the data that is being signed as defined in the XML Signature specification.
• Lines (023) to (027) provide a hint as to where to find the security token associated with this signature. Specifically, lines (024) to (025) indicate that the security token can be found at (pulled from) the specified URL.