Hubbry Logo
SOAPSOAPMain
Open search
SOAP
Community hub
SOAP
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
SOAP
SOAP
SOAP
View on Wikipedia
from Wikipedia
SOAP
StatusActive
First publishedInitially as XML-RPC in June 1998; 27 years ago (June 1998)
Latest version1.2
27 April 2007; 18 years ago (2007-04-27)
DomainText-based protocol
LicenseCopyright by W3C, implementations are royalty-free
Websitew3.org/TR/soap12/
Internet protocol suite
Application layer
Transport layer
Internet layer
Link layer

SOAP (originally an acronym for Simple Object Access Protocol)[a] is a messaging protocol specification for exchanging structured information in the implementation of web services in computer networks. It uses XML Information Set for its message format, and relies on application layer protocols, most often Hypertext Transfer Protocol (HTTP), although some legacy systems communicate over Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission.

Characteristics

[edit]

SOAP provides the Messaging Protocol layer of a web services protocol stack for web services. It is an XML-based protocol consisting of three parts:

  • an envelope, which defines the message structure[1] and how to process it
  • a set of encoding rules for expressing instances of application-defined datatypes
  • a convention for representing procedure calls and responses

SOAP has three major characteristics:

  1. extensibility (security and WS-Addressing are among the extensions under development)
  2. neutrality (SOAP can operate over any protocol such as HTTP, SMTP, TCP, UDP)
  3. independence (SOAP allows for any programming model)

As an example of what SOAP procedures can do, an application can send a SOAP request to a server that has web services enabled—such as a real-estate price database—with the parameters for a search. The server then returns a SOAP response (an XML-formatted document) with the resulting data, e.g., prices, location, features. Since the generated data comes in a standardized machine-parsable format, the requesting application can then integrate it directly.

The SOAP architecture consists of several layers of specifications for:

  • message format
  • Message Exchange Patterns (MEP)
  • underlying transport protocol bindings
  • message processing models
  • protocol extensibility

SOAP evolved as a successor of XML-RPC, though it borrows its transport and interaction neutrality from Web Service Addressing[2] and the envelope/header/body from elsewhere (probably from WDDX).[citation needed]

History

[edit]

SOAP was designed as an object-access protocol and released as XML-RPC in June 1998 as part of Frontier 5.1 by Dave Winer, Don Box, Bob Atkinson, and Mohsen Al-Ghosein for Microsoft, where Atkinson and Al-Ghosein were working.[3] The specification was not made available until it was submitted to IETF 13 September 1999.[4][5] According to Don Box, this was due to politics within Microsoft.[6] Because of Microsoft's hesitation, Dave Winer shipped XML-RPC in 1998.[7]

The submitted Internet Draft did not reach RFC status and is therefore not considered a "web standard" as such. Version 1.1 of the specification was published as a W3C Note on 8 May 2000.[8] Since version 1.1 did not reach W3C Recommendation status, it can not be considered a "web standard" either. Version 1.2 of the specification, however, became a W3C recommendation on June 24, 2003. SOAP originally stood for "Simple Object Access Protocol" but version 1.2 of the standard dropped this acronym.[9]

The SOAP specification[10] was maintained by the XML Protocol Working Group[11] of the World Wide Web Consortium until the group was closed 10 July 2009.

After SOAP was first introduced, it became the underlying layer of a more complex set of web services, based on WSDL, XSD and UDDI. These different services, especially UDDI, have proved to be of far less interest,[citation needed] but an appreciation of them gives a complete understanding of the expected role of SOAP compared to how web services have actually evolved.[according to whom?]

SOAP terminology

[edit]

SOAP specification can be broadly defined to be consisting of the following three conceptual components: protocol concepts, encapsulation concepts and network concepts.[12]

Protocol concepts

[edit]
SOAP
This is a set of rules formalizing and governing the format and processing rules for information exchanged between a SOAP sender and a SOAP receiver.
SOAP nodes
These are physical/logical machines with processing units which are used to transmit/forward, receive and process SOAP messages. These are analogous to nodes in a network.
SOAP roles
Over the path of a SOAP message, all nodes assume a specific role. The role of the node defines the action that the node performs on the message it receives. For example, a role "none" means that no node will process the SOAP header in any way and simply transmit the message along its path.
SOAP protocol binding
A SOAP message needs to work in conjunction with other protocols to be transferred over a network. For example, a SOAP message could use TCP as a lower layer protocol to transfer messages. These bindings are defined in the SOAP protocol binding framework.[13]
SOAP features
SOAP provides a messaging framework only. However, it can be extended to add features such as reliability, security etc. There are rules to be followed when adding features to the SOAP framework.
SOAP module
A collection of specifications regarding the semantics of SOAP header to describe any new features being extended upon SOAP. A module needs to realize zero or more features. SOAP requires modules to adhere to prescribed rules.[14]

Data encapsulation concepts

[edit]
SOAP message
Represents the information being exchanged between 2 SOAP nodes.
SOAP envelope
It is the enclosing element of an XML message identifying it as a SOAP message.
SOAP header block
A SOAP header can contain more than one of these blocks, each being a discrete computational block within the header. In general, the SOAP role information is used to target nodes on the path. A header block is said to be targeted at a SOAP node if the SOAP role for the header block is the name of a role in which the SOAP node operates. (ex: A SOAP header block with role attribute as ultimateReceiver is targeted only at the destination node which has this role. A header with a role attribute as next is targeted at each intermediary as well as the destination node.)
SOAP header
A collection of one or more header blocks targeted at each SOAP receiver.
SOAP body
Contains the body of the message intended for the SOAP receiver. The interpretation and processing of SOAP body is defined by header blocks.
SOAP fault
In case a SOAP node fails to process a SOAP message, it adds the fault information to the SOAP fault element. This element is contained within the SOAP body as a child element.

Message sender and receiver concepts

[edit]
SOAP sender
The node that transmits a SOAP message.
SOAP receiver
The node receiving a SOAP message. (Could be an intermediary or the destination node).
SOAP message path
The path consisting of all the nodes that the SOAP message traversed to reach the destination node.
Initial SOAP sender
This is the node which originated the SOAP message to be transmitted. This is the root of the SOAP message path.
SOAP intermediary
All the nodes in between the SOAP originator and the intended SOAP destination. It processes the SOAP header blocks targeted at it and acts to forward a SOAP message towards an ultimate SOAP receiver.
Ultimate SOAP receiver
The destination receiver of the SOAP message. This node is responsible for processing the message body and any header blocks targeted at it.

Specification

[edit]
SOAP structure

The SOAP specification defines the messaging framework, which consists of:

  • The SOAP processing model, defining the rules for processing a SOAP message[15]
  • The SOAP extensibility model defining the concepts of SOAP features and SOAP modules[15]
  • The SOAP underlying protocol binding framework describing the rules for defining a binding to an underlying protocol that can be used for exchanging SOAP messages between SOAP nodes[15]
  • The SOAP message construct defining the structure of a SOAP message[15]

SOAP building blocks

[edit]

A SOAP message is an ordinary XML document containing the following elements:

Element Description Required
Envelope Identifies the XML document as a SOAP message. Yes
Header Contains header information. No
Body Contains call and response information. Yes
Fault Provides information about errors that occurred while processing the message. No

Transport methods

[edit]

Both SMTP and HTTP are valid application layer protocols used as transport for SOAP, but HTTP has gained wider acceptance as it works well with today's internet infrastructure; specifically, HTTP works well with network firewalls. SOAP may also be used over HTTPS (which is the same protocol as HTTP at the application level, but uses an encrypted transport protocol underneath) with either simple or mutual authentication; this is the advocated WS-I method to provide web service security as stated in the WS-I Basic Profile 1.1.

This is a major advantage over other distributed protocols like GIOP/IIOP or DCOM, which are normally filtered by firewalls. SOAP over AMQP is yet another possibility that some implementations support. SOAP also has an advantage over DCOM that it is unaffected by security rights configured on the machines that require knowledge of both transmitting and receiving nodes. This lets SOAP be loosely coupled in a way that is not possible with DCOM. There is also the SOAP-over-UDP OASIS standard.

Message format

[edit]

XML Information Set was chosen as the standard message format because of its widespread use by major corporations and open source development efforts. Typically, XML Information Set is serialized as XML. A wide variety of freely available tools significantly eases the transition to a SOAP-based implementation. The somewhat lengthy syntax of XML can be both a benefit and a drawback. While it facilitates error detection and avoids interoperability problems such as byte-order (endianness), it can slow processing speed and can be cumbersome. For example, CORBA, GIOP, ICE, and DCOM use much shorter, binary message formats. On the other hand, hardware appliances are available to accelerate processing of XML messages.[16][17] Binary XML is also being explored as a means for streamlining the throughput requirements of XML. XML messages by their self-documenting nature usually have more 'overhead' (e.g., headers, nested tags, delimiters) than actual data in contrast to earlier protocols where the overhead was usually a relatively small percentage of the overall message.

In financial messaging SOAP was found to result in a 2–4 times larger message than previous protocols FIX (Financial Information Exchange) and CDR (Common Data Representation).[18]

XML Information Set does not have to be serialized in XML. For instance, CSV and JSON XML-infoset representations exist. There is also no need to specify a generic transformation framework. The concept of SOAP bindings allows for specific bindings for a specific application. The drawback is that both the senders and receivers have to support this newly defined binding.

Example message (encapsulated in HTTP)

[edit]

The message below requests a stock price for AT&T (stock ticker symbol "T"). 

POST /InStock HTTP/1.1
Host: www.example.org
Content-Type: application/soap+xml; charset=utf-8
Content-Length: 299
SOAPAction: "http://www.w3.org/2003/05/soap-envelope"

<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:m="http://www.example.org">
  <soap:Header>
  </soap:Header>
  <soap:Body>
    <m:GetStockPrice>
      <m:StockName>T</m:StockName>
    </m:GetStockPrice>
  </soap:Body>
</soap:Envelope>

Technical critique

[edit]

Advantages

[edit]
  • SOAP's neutrality characteristic explicitly makes it suitable for use with any transport protocol. Implementations often use HTTP as a transport protocol, but other popular transport protocols can be used. For example, SOAP can also be used over SMTP,[19] JMS[20][21] and message queues.
  • SOAP, when combined with HTTP post/response exchanges, tunnels easily through existing firewalls and proxies, and consequently doesn't require modifying the widespread computing and communication infrastructures that exist for processing HTTP post/response exchanges.
  • SOAP has available to it all the facilities of XML, including easy internationalization and extensibility with XML Namespaces.

Disadvantages

[edit]
  • When using standard implementation and the default SOAP/HTTP binding, the XML infoset is serialized as XML. To improve performance for the special case of XML with embedded binary objects, the Message Transmission Optimization Mechanism was introduced.
  • When relying on HTTP as a transport protocol and not using Web Services Addressing or an Enterprise Service Bus, the roles of the interacting parties are fixed. Only one party (the client) can use the services of the other.
  • SOAP is less "simple" than the name would suggest. The verbosity of the protocol, low parsing speed of XML, and lack of a standardized interaction model led to the dominance of services using the HTTP protocol more directly. See, for example, REST.
  • Being protocol-agnostic, SOAP is unable to take advantage of protocol-specific features and optimizations such as REST's Uniform Interface or caching – instead having to reimplement them (as with WS-Addressing).

See also

[edit]

Notes

[edit]

References

[edit]

Further reading

[edit]
[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

SOAP

View on Grokipedia
from Grokipedia
SOAP (originally standing for Simple Object Access Protocol) is a lightweight XML-based messaging protocol designed for exchanging structured information between distributed applications in decentralized environments, such as the web. It defines a standardized envelope structure to encapsulate messages, including an optional header for metadata and a mandatory body for the primary payload, enabling reliable transmission over various underlying protocols like HTTP. SOAP supports both remote procedure calls (RPC) and document-style messaging, with built-in conventions for encoding data types and handling faults, making it suitable for enterprise-level web services that require formal contracts and security features. The protocol originated in 1998 as an initiative by developers at , including contributions from , DevelopMentor, Lotus, and UserLand Software, initially building on concepts to facilitate cross-platform interoperability without introducing new technologies beyond XML and HTTP. The first specification, SOAP 1.1, was submitted as a W3C Note on May 8, 2000, emphasizing simplicity, extensibility, and avoidance of complex features like distributed garbage collection. It evolved into SOAP 1.2, which became a W3C Recommendation in 2007, refining the messaging framework to better support intermediaries, roles for message processing (e.g., "next" or "ultimateReceiver"), and bindings to transport protocols while addressing security considerations like trust evaluation in distributed nodes. Key aspects of SOAP include its processing model, where messages are routed through SOAP nodes that may act as intermediaries, potentially modifying headers or generating faults for errors such as invalid content. The protocol's extensibility allows for features like attachments (via SOAP 1.2 Attachment Feature) and integration with standards such as for authentication and encryption, though it omits built-in reliability or transaction mechanisms, deferring those to extensions or higher-level protocols. While SOAP has been influential in defining web services architectures, particularly in industries requiring robust, standards-compliant integrations like and healthcare, its verbosity and complexity have led to alternatives like for simpler use cases since the early .

Overview

Definition and Purpose

SOAP is a lightweight, XML-based messaging protocol intended for the exchange of structured information in decentralized, distributed environments. It defines a standardized way to encode messages and perform remote interactions between applications, ensuring compatibility across diverse systems without reliance on specific vendor technologies. The primary purpose of SOAP is to enable remote procedure calls (RPC) and document-style messaging, allowing applications to invoke methods or exchange entire documents over networks in heterogeneous environments. By standardizing this communication, SOAP promotes between services built with different programming languages, operating systems, or platforms, facilitating seamless integration in web services architectures. This platform-independent approach addresses key challenges in , such as firewall traversal via HTTP and reduced configuration complexity. SOAP was developed to overcome limitations of earlier protocols like DCOM and CORBA, which were hindered by vendor dependencies and poor suitability for internet-scale deployment. It uses XML as the foundational format for encapsulating messages, providing a flexible and extensible structure for data representation.

Key Characteristics

SOAP employs a stateless, one-way messaging model that forms the foundation of its communication paradigm, enabling the transmission of messages without maintaining session state between sender and receiver. This model supports higher-level patterns such as request-response through the composition of multiple one-way messages, allowing for flexible interaction in distributed systems. Additionally, SOAP's ensures binding neutrality, meaning it is not tied to any specific underlying protocol and can operate over various transports via a standardized binding framework. A core feature of SOAP is its extensibility mechanism, achieved through the use of header blocks within the message envelope. These headers allow the addition of protocol features—such as , transaction , or —without modifying the core , promoting decentralized extensibility by different participants in the message path. To manage potential naming conflicts in heterogeneous distributed environments, SOAP leverages XML namespaces throughout its structure, ensuring unambiguous identification of elements and attributes. This XML-based foundation, detailed further in message format specifications, underpins the protocol's structured . SOAP incorporates through a standardized mechanism for error reporting directly embedded in the message format. When processing errors occur, such as a failure to understand a required header or invalid message content, a SOAP Fault element is generated, containing structured details like fault codes (e.g., env:MustUnderstand or env:DataEncodingUnknown) and reasons, which facilitates reliable error handling across intermediaries and endpoints.

History and Development

Origins and Initial Specification

The development of began in 1998 at , where engineers including Satish Thatte and others sought a simpler mechanism for remote procedure calls (RPC) over the web, positioning it as an alternative to the more complex (DCOM). Key contributors such as Don Box of DevelopMentor collaborated closely with , drawing on earlier ideas like Dave Winer's specification released that summer amid internal delays at . This effort aimed to create a lightweight protocol that could leverage the growing ubiquity of HTTP and XML for , avoiding the proprietary and platform-bound nature of DCOM. Early motivations for SOAP centered on addressing the limitations of binary protocols like DCOM, which struggled with firewall traversal due to their non-standard ports and formats, often requiring tunneling or special configurations that hindered . By adopting XML for message encoding and HTTP as the , SOAP enabled seamless passage through firewalls—treating requests as standard —while promoting XML-driven across diverse platforms, languages, and vendors without reliance on binary data exchanges. This approach was seen as essential for enabling web-based RPC in enterprise environments, where existing protocols like CORBA and DCOM had faltered in achieving broad adoption over the . The initial formal specification, SOAP 1.1, emerged as a in early 2000 through collaboration between , , DevelopMentor, and others, before deeper W3C involvement. On May 8, 2000, this version was jointly submitted to the W3C as a technical note by authors including Don Box, Satish Thatte, David Ehnebuske of , and Dave Winer of UserLand Software, proposing the formation of an XML Protocol Working Group to standardize it. Published under the title "Simple Object Access Protocol (SOAP) 1.1," the note outlined a lightweight XML-based protocol for exchanging structured information in decentralized systems, marking SOAP's transition from an internal initiative to an open, industry-backed effort.

Evolution of Versions

SOAP 1.2 marked a significant evolution in the protocol, achieving W3C Recommendation status on June 24, 2003, which formalized its role as a protocol for exchanging structured information in distributed environments. This version introduced the standardized media type "application/soap+xml" for identifying SOAP messages serialized in XML 1.0, improving upon the ambiguous "text/xml" used in earlier iterations and enhancing across systems. Fault handling saw substantial improvements in SOAP 1.2, with the fault element restructured to include mandatory Code and Reason sub-elements, along with optional Node, Role, Detail, and hierarchical Subcode for more granular error reporting and diagnostics. These changes addressed limitations in prior versions by providing clearer mechanisms for conveying error semantics, such as version mismatches via the Upgrade header. SOAP 1.2 also enhanced support for non-HTTP transports by defining an abstract binding framework that allows the protocol to operate over diverse underlying protocols, including SMTP and TCP, without tying it exclusively to HTTP. RPC conventions were refined to specify precise rules for representing remote procedure calls, parameters, and return values in the message body, promoting consistency in procedural-style interactions. To ensure practical interoperability, SOAP 1.2 was designed in alignment with the WS-I Basic Profile, a set of guidelines from the Web Services Interoperability organization that includes conformance tests and best practices for implementing SOAP with WSDL. The Basic Profile versions, starting from 1.0 in 2004, incorporated SOAP 1.2 requirements to facilitate cross-vendor compatibility. The second edition of SOAP 1.2, released as a W3C Recommendation on April 27, 2007, incorporated errata fixes and minor clarifications without altering the core specification. Post-2007, active development of the core SOAP protocol declined, with standardization efforts redirecting toward the WS-* stack of extensions—such as , WS-ReliableMessaging, and WS-Addressing—to address advanced features like security and transactionality. This shift marked the last major W3C update to SOAP itself in 2007. As of 2025, SOAP 1.2 remains the current and maintained W3C standard, continuing to support legacy enterprise systems requiring robust, standardized messaging. However, it has been largely superseded by RESTful APIs in new projects, which offer greater simplicity, lighter payloads, and better alignment with modern web architectures.

Core Concepts and Terminology

Protocol Fundamentals

SOAP serves as a lightweight protocol designed for the exchange of structured information to facilitate the implementation of web services in decentralized and distributed environments. It enables communication between applications across various underlying protocols by defining a standardized messaging framework that supports extensibility and . This protocol operates at a high level of , allowing messages to traverse multiple nodes without being tied to specific mechanisms. Central to SOAP's protocol layer are the concepts of nodes, , and mechanisms, which govern how are and forwarded. A SOAP node represents any —such as a server, client, or —that participates in handling, including the initial , which originates the , and the ultimate receiver, which performs the final . are nodes that receive, potentially modify, and forward along the path, acting in a capacity to support features like , transformations, or aggregation. Each node assumes one or more , identified by URIs, such as the "next" role (http://www.w3.org/2003/05/soap-envelope/role/next), which indicates a node should and the ; the "none" role, signaling no further ; or the "ultimateReceiver" role, denoting the endpoint for delivery. These ensure targeted of components, with mechanisms allowing to forward unprocessed portions of the to subsequent nodes. The message path in SOAP follows a linear progression from the initial sender through zero or more intermediaries to the ultimate receiver, where each node adheres to a defined model. Upon receipt, a node evaluates header blocks targeted to its , applying any necessary actions before relaying the message if applicable. An optional mustUnderstand attribute on header blocks mandates by nodes assuming the relevant ; if a node cannot comprehend or process a header with this attribute set to true, it must generate a fault rather than proceed. This attribute promotes reliability by enforcing comprehension of critical extensions, such as or transaction headers, while allowing optional elements to be ignored without disruption. SOAP messages are encapsulated in XML format to represent this structure, though detailed formatting is specified elsewhere. Fault generation in follows strict rules to handle errors consistently across the protocol layer, using a dedicated SOAP fault element within the message . Standardized fault s provide precise diagnostics, categorized under a top-level value like "Sender" or "Receiver" for the fault's origin, with subcodes offering further granularity. For instance, the VersionMismatch fault code (with subcode http://www.w3.org/2003/05/soap-envelope/VersionMismatch) is generated when a node detects an incompatible SOAP version in the , such as a SOAP 1.1 message processed by a 1.2 node. Similarly, the MustUnderstand fault code (subcode http://www.w3.org/2003/05/soap-envelope/MustUnderstand) arises if a required header block is not processed, ensuring intermediaries and receivers failures explicitly. Other codes, like DataEncodingUnknown, address issues with unrecognized data formats, all of which halt normal processing and propagate the fault back along the message path unless relayed otherwise. These mechanisms enhance robustness in distributed systems by standardizing error reporting and recovery.

Message Structure and Encapsulation

A message is fundamentally structured as an XML document encapsulated within a mandatory SOAP Envelope element, which serves as the root container for all message content and ensures consistent processing across distributed systems. This envelope allows for the wrapping of arbitrary data, including non-SOAP payloads, by providing a standardized framework that supports extensibility without imposing rigid constraints on the underlying application information. The envelope's , "http://www.w3.org/2003/05/soap-envelope", identifies it uniquely and facilitates in decentralized environments. Within the envelope, the message distinguishes between an optional SOAP Header and a mandatory SOAP Body, enabling flexible organization of control and payload data. Header blocks, contained in the header element, are extensible XML elements designed for auxiliary information such as metadata or processing directives, which may be targeted at intermediaries via attributes like role and mustUnderstand. These blocks support optional processing and can include application-defined extensions, but they are not required for basic message transmission. In contrast, the body element exclusively carries the core application data intended for the ultimate receiver, ensuring that essential payload remains protected and directly accessible without intermediary interference. This separation promotes modularity, as headers handle protocol-level concerns while the body focuses on semantic content. For handling binary or large attachments that could inefficiently inflate XML messages through encoding, SOAP employs specialized mechanisms to optimize transmission. The SOAP with Attachments (SwA) profile utilizes MIME Multipart/Related structures to encapsulate a primary SOAP message alongside zero or more secondary parts, such as images or files, referenced via URIs within the envelope. This approach keeps attachments distinct from the XML envelope, reducing overhead while maintaining SOAP processing rules for the primary part. Complementing SwA, the Message Transmission Optimization Mechanism (MTOM) further enhances binary data handling by serializing optimized octet streams directly, avoiding encoding bloat and integrating seamlessly with XML infosets for better performance in web services. SOAP messages adhere to specific encoding rules to represent data structures, balancing flexibility with schema compliance. The literal encoding style, which is schema-based and the default in SOAP 1.2, allows direct use of application-defined XML without additional layers, promoting through validation. In contrast, the SOAP-encoded style, a graph-based approach using accessors and multi-references for complex data like RPC parameters, is declared via the encodingStyle attribute but is optional in SOAP 1.2, though literal encoding is recommended to simplify implementation and reduce ambiguity.

Technical Specification

Building Blocks

The SOAP message is structured around four primary building blocks that ensure its portability and extensibility across diverse environments. At the core is the , which serves as the encapsulating the entire message and defining its overall framework. The Envelope declares the namespace http://www.w3.org/2003/05/soap-envelope, enabling unambiguous identification of SOAP-specific elements and attributes within XML documents. The Header functions as an optional container for auxiliary information, such as processing directives that guide how intermediate nodes handle the message. It allows for the inclusion of metadata like tokens or transaction identifiers, targeted via attributes such as role (which specifies the intended recipient node) and mustUnderstand (which mandates comprehension by the recipient). This supports the protocol's extensibility model without interfering with the core payload. Central to the message is the Body, which holds the actual application data or invocation details, accommodating both RPC-style calls (where parameters are passed for remote procedure execution) and document-oriented content (such as XML fragments for business documents). The Body can contain multiple child elements, each representing distinct data units, thereby facilitating complex exchanges while maintaining separation from header metadata. For error handling, the Fault element provides a standardized mechanism for reporting issues, always nested within the Body to indicate that the message's primary intent has failed. It comprises sub-elements including (categorizing the fault type, e.g., VersionMismatch or DataEncodingUnknown), Reason (offering a textual explanation in one or more languages), Node (identifying the URI of the originating SOAP node), and (specifying the role the node assumed when generating the fault). This structure promotes consistent diagnostics across implementations.

Message Format Details

The SOAP message format is fundamentally an XML document structured around the Envelope element, which serves as the root and encapsulates the entire message. The Envelope, defined in the XML schema (soap-envelope.xsd) for the http://www.w3.org/2003/05/soap-envelope namespace from the W3C SOAP 1.2 specification, includes an optional Header element for metadata and processing instructions, and a mandatory Body element for the primary payload or fault information. The schema specifies that the Envelope must be the document's only child element, with its local name fixed as "Envelope" in the namespace http://www.w3.org/2003/05/soap-envelope. Key attributes include soapenv:mustUnderstand (of type xs:boolean), which mandates that targeted header blocks be processed or result in a fault if ignored; soapenv:role (of type xs:anyURI), designating the intended recipient node (e.g., "next" for intermediaries or "ultimateReceiver" for the final destination); and soapenv:relay (of type xs:boolean), indicating whether unprocessed header blocks should be forwarded along the message path. These attributes enable extensible processing while ensuring interoperability. Namespace declarations are integral to the format, with the core namespace http://www.w3.org/2003/05/soap-envelope qualifying all fundamental elements like , Header, and Body to avoid conflicts in mixed XML vocabularies. An optional encoding namespace, http://www.w3.org/2003/05/soap-encoding, may be used for serialized data structures within the Body, though its application is not required for basic literal messages. The encodingStyle attribute on , Header, or Body elements (type xs:anyURI) specifies serialization rules when present, allowing for graph-like data representations with references, but it defaults to no encoding if omitted. This namespace separation supports modularity, as SOAP messages can embed content from other XML schemas without ambiguity. For (RPC) representations, the SOAP Body contains a single access element named after the method (e.g., <m:GetStockPrice>), acting as a struct with child elements for input parameters labeled by their names (e.g., <symbol>IBM</symbol> for an input string). Responses follow a similar convention, using a Body element named after the method with a "Response" (e.g., <m:GetStockPriceResponse>), where output parameters and return values appear as child elements; the return value is specifically accessed via an edge named "result" in the http://www.w3.org/2003/05/soap-rpc unless the method is void. Parameters must adhere to XML naming rules, with conventions for mapping non-XML names (e.g., prefixing with underscores). The literal style, which directly uses schema-defined XML without additional encoding attributes, is preferred for its simplicity and direct , contrasting with the optional encoded style that permits complex, referenced data structures but increases parsing overhead. Validation of SOAP messages requires conformance to the W3C XML Schema for the Envelope, ensuring structural integrity without mandating full schema processing for the payload. Messages must serialize to valid XML 1.0, using the XML Infoset abstract model, and avoid DTDs in favor of schema-based definitions for portability. Non-conformant messages, such as those violating namespace rules or attribute types, trigger a "VersionMismatch" or "MustUnderstand" fault as defined in the schema. Implementations are encouraged to validate against the normative schema at http://www.w3.org/2003/05/soap-envelope to verify Envelope integrity, though payload validation depends on application-specific schemas. This rigorous syntax promotes reliable exchange across diverse systems.

Implementation Aspects

Transport Protocols

SOAP messages are primarily transported using the HTTP protocol, which serves as the default binding in the SOAP specification. The HTTP binding employs the method to encapsulate SOAP envelopes within the HTTP entity body, enabling synchronous request-response interactions over the web. In early versions of SOAP, such as SOAP 1.1, the SOAPAction HTTP header was required to indicate the intent of the SOAP request, typically specifying the operation to be invoked on the receiving endpoint. This header facilitated intermediary processing and dispatching, though in SOAP 1.2, it was deprecated in favor of an action parameter within the Content-Type header for the "application/soap+xml" media type. Beyond HTTP, SOAP supports bindings to other protocols for specialized use cases. The SMTP binding, defined as an illustrative example in the SOAP 1.2 framework, leverages email for asynchronous messaging, where requests and responses are exchanged via separate messages correlated through headers like Message-ID and In-Reply-To. This approach suits scenarios requiring store-and-forward delivery, such as decoupled systems or environments with intermittent connectivity. Additionally, SOAP can bind directly to TCP for low-level, stream-based connections, allowing messages to be transmitted over raw TCP sockets without higher-level protocol overhead, though no standardized TCP binding exists in the core specification—examples include custom implementations reusing TCP port infrastructure. To enable transport-agnostic addressing and routing, SOAP integrates with WS-Addressing, a W3C recommendation that introduces standardized XML elements for endpoint references and message information headers. WS-Addressing allows SOAP messages to specify destinations (e.g., via wsa:To), replies (wsa:ReplyTo), and faults independently of the underlying transport, decoupling endpoint identification from protocol-specific details like HTTP URLs or SMTP addresses. This facilitates advanced routing through intermediaries and supports multi-hop scenarios across heterogeneous networks. A key consideration in selecting transport protocols for is firewall traversal. HTTP's ubiquity as a web protocol allows messages to pass through most corporate firewalls and proxies without configuration changes, as they appear as standard HTTP traffic on port 80 or 443, unlike protocols that often require exceptions or dedicated ports. This advantage has contributed to HTTP's dominance in deployments, promoting in distributed environments while minimizing modifications.

Binding and Interoperability

SOAP bindings define how abstract service operations described in WSDL are mapped to specific transport protocols and message formats, enabling the concrete realization of web services. The (WSDL) provides a framework for these mappings through its binding elements, which specify details such as the SOAP version, encoding style, and transport protocol for each operation. For instance, a WSDL binding can indicate that an operation uses SOAP 1.2 over HTTP, including how input and output messages are serialized. To promote across diverse implementations, the developed profiles that constrain and related specifications. The WS-I Basic Profile 1.1, published in 2006, refines 1.1, WSDL 1.1, and to ensure compatible web services by mandating document/literal encoding and prohibiting certain features like encoding. Similarly, the Basic Profile 2.0, released in 2010, extends these guidelines to 1.2 and WSDL 2.0, emphasizing clarifications for reliable message exchange and service descriptions. The WS-I concluded operations in 2017, but its profiles continue to guide practices. Compliance with these profiles is verified using tools like the WS-I Analyzer, which examines WSDL documents and message logs against profile assertions to identify potential issues. Interoperability challenges in often arise from version mismatches between SOAP 1.1 and 1.2, which differ in namespaces and fault handling, leading to errors in cross-version interactions. Encoding style discrepancies, such as the use of RPC/encoded versus document/literal, further complicate compatibility by introducing rules that may not align across platforms. Solutions typically involve strict adherence to literal encoding as prescribed by WS-I profiles, which ensures messages conform directly to XML schemas without additional SOAP-specific , thereby reducing ambiguity and enhancing cross-system reliability. Tooling support facilitates the generation and management of SOAP bindings in practice. The Apache Axis library, a Java-based SOAP engine, automates binding creation from WSDL files using tools like WSDL2Java, supporting both client and server implementations with configurable transport options. In the Microsoft .NET ecosystem, the System.Web.Services.Description namespace provides classes like SoapBinding for defining protocol bindings in WSDL, integrated into ASP.NET Web Services for seamless deployment and invocation. These libraries ensure that developers can produce standards-compliant bindings while addressing interoperability requirements.

Practical Examples

Basic Message Exchange

In the basic SOAP message exchange pattern, a client initiates communication by sending a request message to a server, encapsulating a method invocation within the SOAP Envelope. The Envelope serves as the fundamental container for all SOAP messages, comprising an optional Header for processing instructions and a mandatory Body for the primary . The Body of the request message contains the method call, such as GetStockPrice, along with its parameters expressed as XML elements. For instance, a request to retrieve the stock price for a specific company might include a parameter like the stock symbol. The following XML illustrates a simplified request message for the GetStockPrice method:

xml

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Body> <m:GetStockPrice xmlns:m="http://example.org/stock"> <m:StockSymbol>[IBM](/page/IBM)</m:StockSymbol> </m:GetStockPrice> </soap:Body> </soap:Envelope>

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Body> <m:GetStockPrice xmlns:m="http://example.org/stock"> <m:StockSymbol>[IBM](/page/IBM)</m:StockSymbol> </m:GetStockPrice> </soap:Body> </soap:Envelope>

This structure ensures the method and parameters are serialized in a platform-independent XML format, allowing invocation across distributed systems. Upon receiving the request, the server processes the Body and generates a response , returning the result in the Body if successful or a fault element if an error occurs. The fault structure, which includes details like fault codes and reasons, provides standardized error reporting but is elaborated further in the protocol's building blocks. A successful response for the GetStockPrice method would embed the return value, such as the price, as a child element of the corresponding response method. An example response message might appear as:

xml

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Body> <m:GetStockPriceResponse xmlns:m="http://example.org/stock"> <m:Price>150.25</m:Price> </m:GetStockPriceResponse> </soap:Body> </soap:Envelope>

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Body> <m:GetStockPriceResponse xmlns:m="http://example.org/stock"> <m:Price>150.25</m:Price> </m:GetStockPriceResponse> </soap:Body> </soap:Envelope>

This request-response MEP (Message Exchange Pattern) assumes a synchronous interaction where the client awaits the server's reply. SOAP also supports alternative patterns beyond the standard request-response, including one-way and notification exchanges. In a one-way pattern, the sender dispatches a message without anticipating a reply, suitable for fire-and-forget scenarios like logging events, where the Body carries the payload but no response is generated. Notification follows a similar unidirectional flow but originates from the server to notify the client of state changes, again without requiring acknowledgment. These patterns leverage the same Envelope structure, emphasizing SOAP's flexibility for asynchronous messaging in distributed environments. Intermediary processing enhances SOAP's extensibility by allowing nodes between the initial sender and ultimate receiver to handle specific tasks via Header blocks. Headers contain targeted blocks with attributes like role to direct processing—such as soap:role="http://www.w3.org/2003/05/soap-envelope/next" for the next intermediary—and mustUnderstand="true" to mandate comprehension, triggering a fault if ignored. For example, in a of intermediaries for a stock price request, a Header block might specify transaction IDs or security tokens, enabling the first intermediary to route based on the ID while the next validates the token, all without altering the Body. Unprocessed headers can be relayed forward if relay="true" is set, ensuring through the chain. This model supports modular processing, such as in enterprise service buses, while maintaining message integrity.

Encapsulated HTTP Example

A SOAP message encapsulated over HTTP typically uses the POST method to send the request to the service endpoint, with specific headers to indicate the SOAP format and action. The Content-Type header is set to application/soap+xml for SOAP 1.2, and the optional action parameter in the Content-Type or the SOAPAction header (for SOAP 1.1 compatibility) specifies the intended action. This binding follows the HTTP rules defined in the SOAP 1.2 specification. Consider a sample request to a service endpoint at http://example.com/[weather](/page/Weather) to query the forecast for a specific city. The HTTP request might appear as follows:

[POST](/page/Post-) /weather HTTP/1.1 Host: example.com Content-Type: application/soap+xml; charset=[utf-8](/page/UTF-8); action="http://example.com/GetWeather" Content-Length: 456 <?xml version="1.0" encoding="[utf-8](/page/UTF-8)"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:wea="http://example.com/[weather](/page/Weather)"> <soap:Header/> <soap:Body> <wea:GetWeather> <wea:CityName>[London](/page/London)</wea:CityName> <wea:CountryName>[United Kingdom](/page/United_Kingdom)</wea:CountryName> </wea:GetWeather> </soap:Body> </soap:Envelope>

[POST](/page/Post-) /weather HTTP/1.1 Host: example.com Content-Type: application/soap+xml; charset=[utf-8](/page/UTF-8); action="http://example.com/GetWeather" Content-Length: 456 <?xml version="1.0" encoding="[utf-8](/page/UTF-8)"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:wea="http://example.com/[weather](/page/Weather)"> <soap:Header/> <soap:Body> <wea:GetWeather> <wea:CityName>[London](/page/London)</wea:CityName> <wea:CountryName>[United Kingdom](/page/United_Kingdom)</wea:CountryName> </wea:GetWeather> </soap:Body> </soap:Envelope>

The XML payload forms the SOAP envelope, declaring the standard SOAP namespace and a custom namespace for the weather service elements. The Body contains the operation invocation (GetWeather) with parameters for the city and country, enabling the service to process the query. Upon successful processing, the server responds with HTTP status 200 OK, including a similar Content-Type header and the response envelope in the body. For the weather query, this might return forecast data:

HTTP/1.1 200 OK Content-Type: application/soap+xml; charset=utf-8 Content-Length: 567 <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:wea="http://example.com/weather"> <soap:Header/> <soap:Body> <wea:GetWeatherResponse> <wea:WeatherData>Partly cloudy, 15°C</wea:WeatherData> </wea:GetWeatherResponse> </soap:Body> </soap:Envelope>

HTTP/1.1 200 OK Content-Type: application/soap+xml; charset=utf-8 Content-Length: 567 <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:wea="http://example.com/weather"> <soap:Header/> <soap:Body> <wea:GetWeatherResponse> <wea:WeatherData>Partly cloudy, 15°C</wea:WeatherData> </wea:GetWeatherResponse> </soap:Body> </soap:Envelope>

If an error occurs, such as an invalid city name, the response uses HTTP status 500 Internal Server Error with a SOAP Fault in the body, detailing the issue via standardized fault codes and reasons. For scenarios involving binary attachments, such as images in a , SOAP with MTOM optimizes transmission by serializing the as the root part of a multipart/related message. The HTTP request uses Content-Type multipart/related; type="application/soap+xml"; boundary="uuid:...", followed by the referencing the attachment via an Include element (e.g., xop:Include href="cid:uuid-123" rel="nofollow") and a separate part for the binary data. This avoids encoding overhead for large payloads.

Security and Extensions

Security Mechanisms

SOAP employs (WS-SeC), an OASIS standard that extends SOAP messages with security features embedded in the <wsse:Security> header to ensure end-to-end protection regardless of transport. This specification supports message-level integrity via XML signatures, confidentiality through XML encryption, and authentication using various security tokens, all leveraging standards like XML Digital Signature and XML Encryption. XML signatures in WS-Security provide integrity by digitally signing selected parts of the SOAP envelope, such as the body or custom headers, using algorithms like RSA-SHA256. The signature process involves referencing elements via or ID attributes and applying canonicalization to normalize the XML before hashing and signing, ensuring that any alteration invalidates the signature. WS-Security mandates the use of Exclusive XML Canonicalization (http://www.w3.org/2001/10/xml-exc-c14n#) to handle issues, preventing canonicalization attacks where attackers exploit prefix redefinitions or external entity inclusions to alter signed content without detection. For confidentiality, WS-Security integrates XML to protect sensitive data within the message. Symmetric keys (e.g., AES-128) encrypt elements like the SOAP body, producing <xenc:EncryptedData> and <xenc:CipherData> in the Security header, while the key itself may be encrypted asymmetrically using the recipient's public key via <xenc:EncryptedKey>. This allows multiple recipients to decrypt portions independently, supporting scenarios like secure multi-party communications. Timestamps enhance security by embedding freshness indicators in the <wsu:Timestamp> element within the Security header, specifying creation time (<wsu:Created>) and optional expiration (<wsu:Expires> ) in UTC format (e.g., 2005-10-13T08:42:00Z). When signed, these prevent replay attacks by allowing recipients to verify the message age against a tolerance window, typically 5 minutes. The UsernameToken profile enables straightforward by including a <wsse:UsernameToken> in the Security header, containing a <wsse:Username> and optional <wsse:Password>. Passwords transmit as plain text (requiring secure transport like TLS) or as a digest: Base64(SHA-1(nonce + created + password)), where the nonce is a Base64-encoded random value unique to the request. This digest method, combined with the <wsu:Created> timestamp, resists offline attacks and replay attempts, as recipients cache nonces for the timestamp's validity period and reject duplicates or expired tokens. SAML integration via the SAML Token Profile allows WS-Security to incorporate Security Assertion Markup Language (SAML) assertions for federated identity. SAML v1.1 or v2.0 assertions, issued by identity providers, embed as <wsse:BinarySecurityToken> (Base64-encoded) or directly as SAML elements in the Security header, carrying subject confirmations, attributes, and authorization decisions. These tokens enable single sign-on across domains in SOAP exchanges, with signatures ensuring assertion integrity and binding to the message via WS-Security references. WS-Security mitigates key vulnerabilities inherent to XML-based messaging, including XML canonicalization attacks through exclusive canonicalization, which isolates the signed XML from external influences like document subsets or entity expansions that could enable signature bypassing. Replay protection relies on nonces in tokens and signed timestamps, ensuring one-time use; for instance, UsernameToken nonces prevent token reuse, while overall message nonces in signatures block duplicated requests within defined time bounds. WSDL 2.0 serves as the primary service description language for defining interfaces and bindings, providing an XML-based format to separate abstract service functionality from concrete protocol details such as SOAP messaging. The specification's Interface component outlines operations and fault handling in an abstract manner, while the Binding component maps these to specific protocols like 1.2, including details on message serialization and transmission. This enables developers to describe SOAP-based web services comprehensively, facilitating interoperability across implementations. WS-Policy complements SOAP by offering a framework to express service capabilities, requirements, and constraints, such as or quality-of-service , through XML-based assertions. It defines alternatives as collections of assertions that indicate what a SOAP service supports or mandates, allowing clients to select compatible interaction patterns during . For instance, WS-Policy can specify requirements for SOAP messages, ensuring consistent policy attachment to WSDL elements or runtime messages. UDDI, or Universal Description, Discovery, and Integration, functions as a registry standard for publishing and discovering -based web services, using XML structures to catalog business entities, services, and technical bindings. Its APIs, built on over HTTP, enable inquiries like finding service endpoints via binding templates that reference access points. Though now considered legacy due to the decline of public registries and shift toward decentralized discovery, UDDI version 3.0.2 remains influential for private enterprise service catalogs integrated with ecosystems. In modern enterprise settings, hybrid approaches integrate with RESTful APIs to leverage SOAP's strengths in complex, stateful transactions alongside REST's simplicity for lightweight interactions, often through integration platforms that mediate between the two. For example, tools like allow flows to invoke SOAP endpoints for reliable messaging while exposing REST interfaces for broader accessibility, enabling seamless orchestration in mixed-protocol environments.

Evaluation and Usage

Advantages

SOAP's strong typing, achieved through XML schemas, enables precise definition and validation of data structures, ensuring reliable and error-free exchanges in (B2B) scenarios where is paramount. This schema validation mechanism allows service providers to enforce contracts that prevent mismatches in data types and formats, reducing integration failures across diverse systems. The protocol's built-in extensibility, supported by XML namespaces and modular adjuncts, facilitates the addition of custom features without disrupting core functionality, promoting long-term in evolving enterprise architectures. As a W3C Recommendation, SOAP adheres to rigorous standards that ensure compatibility and future-proofing, allowing organizations to update services incrementally while preserving existing integrations. SOAP incorporates robust error handling via standardized fault elements, which detail codes, reasons, and details in a structured XML format, enabling systematic diagnosis and recovery in distributed environments. Furthermore, integration with WS-AtomicTransaction provides transaction support through coordination protocols that guarantee atomicity, consistency, isolation, and (ACID) properties for distributed operations, ensuring all-or-nothing outcomes in multi-system interactions. In heterogeneous systems, SOAP excels in by abstracting platform and language differences, allowing seamless communication between disparate technologies such as and .NET environments. This capability has been proven in regulated industries; for instance, in , SOAP underpins secure in banking systems. In healthcare, it supports for electronic health records and data transmission, as demonstrated by CDC-recommended implementations for EHR-IIS integration using HL7 over SOAP.

Criticisms and Limitations

One major criticism of is its verbosity, stemming from its reliance on XML for message formatting, which results in significantly larger payloads compared to lighter alternatives like used in APIs. This overhead can lead to increased bandwidth consumption and slower transmission times, particularly in high-volume or resource-constrained environments. For instance, SOAP messages often include extensive structures and schemas that inflate data size compared to equivalent REST representations. SOAP's complexity is another frequent point of , as it requires developers to navigate a steep due to the intricate WS-* standards stack, including specifications for , transactions, and reliability, which demand specialized tooling and configuration. Unlike simpler protocols, implementing a full SOAP service involves defining contracts via WSDL and handling multiple layers of abstraction, making it less accessible for rapid development in agile settings. This complexity often results in longer development cycles and higher maintenance costs for teams unfamiliar with the ecosystem. As of 2025, is increasingly viewed as a legacy technology with limited adoption in new web and architectures, where and are favored for their simplicity and alignment with modern practices. While persists in established enterprise domains like banking and healthcare, most contemporary projects opt for alternatives to avoid its overhead, leading to deprecation efforts in platforms like and . This shift reflects a broader industry preference for lightweight, scalable protocols in cloud-native environments. Security risks associated with SOAP arise primarily from its XML foundation, which can expose systems to parsing vulnerabilities such as XML External Entity (XXE) attacks if parsers are not securely configured to disable external entity resolution. These risks include potential data leakage or denial-of-service through malicious entity expansions, underscoring the need for rigorous validation in XML processing. Additionally, improper implementation of SOAP's security extensions can amplify threats like injection attacks, where untrusted input manipulates message structures.

References

  1. https://www.w3.org/TR/2000/NOTE-SOAP-20000508/
  2. https://www.w3.org/TR/soap12-part1/
  3. https://www.xml.com/pub/a/ws/2001/04/04/soap.html
  4. https://www.w3.org/TR/soap12-af/
  5. https://www.w3.org/TR/soap12-part0/
  6. https://home.cs.colorado.edu/~kena/classes/7818/f08/lectures/lecture_3_soap.pdf
  7. https://learn.microsoft.com/en-us/archive/msdn-magazine/2000/march/a-young-person-s-guide-to-the-simple-object-access-protocol-soap-increases-interoperability-across-platforms-and-languages
  8. https://www.w3.org/TR/soap12-part1/#soapprocmodel
  9. https://www.w3.org/TR/soap12-part1/#soapmep
  10. https://www.w3.org/TR/soap12-part1/#transpbindframew
  11. https://www.w3.org/TR/soap12-part1/#soaphead
  12. https://www.w3.org/TR/soap12-part1/#soapenvelope
  13. https://www.w3.org/TR/soap12-part1/#soapfault
  14. https://www.pearsonhighered.com/assets/samplechapter/0/6/7/2/0672326418.pdf
  15. http://xml.coverpages.org/soap.html
  16. https://www.w3.org/TR/soap12-part2/#AdvancingtheMediaType
  17. https://www.w3.org/TR/soap12-part1/#faultcodes
  18. https://www.w3.org/TR/soap12-part1/#VersionMismatch
  19. https://www.w3.org/TR/soap12-part2/#RPCConventions
  20. http://www.ws-i.org/profiles/basicprofile-1.0-2004-04-16.html
  21. https://www.w3.org/TR/2007/REC-soap12-part1-20070427/
  22. https://www.w3.org/TR/soap/
  23. https://aws.amazon.com/compare/the-difference-between-soap-rest/
  24. https://www.w3.org/TR/soap12-part1/#soapenv
  25. https://www.w3.org/TR/soap12-part2/#rpcsoapbdy
  26. https://www.w3.org/TR/soap12-part2/
  27. https://www.w3.org/TR/soap12-part2/#soapinhttp
  28. https://www.w3.org/TR/2000/NOTE-SOAP-20000508/#_Toc478383784
  29. https://www.w3.org/TR/soap12-part2/#actionfeature
  30. https://www.w3.org/TR/soap12-email/
  31. https://www.w3.org/TR/soap12-part1/#intro
  32. https://www.w3.org/TR/ws-addr-core/
  33. https://www.w3.org/TR/ws-addr-core/#EndpointReferences
  34. http://www.ra.ethz.ch/cdstore/www2002/alternate/395/index.html
  35. https://www.w3.org/TR/2007/REC-wsdl20-20070626/
  36. https://www.w3.org/TR/2001/NOTE-wsdl-20010315
  37. https://www.w3.org/TR/2007/NOTE-wsdl20-soap11-binding-20070626/
  38. http://www.ws-i.org/deliverables/basic1.1.html
  39. http://ws-i.org/profiles/BasicProfile-2.0-2010-11-09.html
  40. http://www.ws-i.org/deliverables/testingtools.html
  41. http://www.ws-i.org/Testing/Specs/AnalyzerFunctionalSpecification_Final_1.1.pdf
  42. https://www.ibm.com/docs/en/was-nd/8.5.5?topic=soap-differences-in-versions
  43. https://axis.apache.org/axis/java/user-guide.html
  44. https://axis.apache.org/axis2/java/core/docs/userguide-creatingclients.html
  45. https://learn.microsoft.com/en-us/dotnet/api/system.web.services.description.soapbinding?view=netframework-4.8.1
  46. https://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-SOAPMessageSecurity-01.htm
  47. https://www.oasis-open.org/standard/wssv1-1/
  48. https://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-UsernameTokenProfile-v1.1.1-os.html
  49. https://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-UsernameTokenProfile-01.htm
  50. https://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-SAMLTokenProfile-v1.1.1-os.html
  51. https://www.w3.org/TR/2007/REC-ws-policy-20070904/
  52. https://www.oasis-open.org/committees/uddi-spec/doc/spec/v3/uddi-v3.0.2-20041019.htm
  53. https://docs.oracle.com/en/cloud/paas/integration-cloud/integrations-user/integrations-concepts.html
  54. https://docs.oasis-open.org/ws-tx/wstx-wsat-1.2-spec.html
  55. https://www.harmonyerp.cloud/en/what-is-soap/
  56. https://www.cdc.gov/iis/downloads/SOAP-br.pdf
  57. https://blog.postman.com/soap-vs-rest/
  58. https://www.superblocks.com/blog/soap-vs-rest
  59. https://datamadeeazy.com/blog/rest-api-vs-soap-the-ultimate-2025-guide-for-developers-and-enterprises/
  60. https://cheatsheetseries.owasp.org/cheatsheets/XML_Security_Cheat_Sheet.html
  61. https://www.frontiersin.org/journals/computer-science/articles/10.3389/fcomp.2025.1595624/full
Add your contribution
Related Hubs
User Avatar
No comments yet.