Bugzilla – Bug 2907
Secure Conversation (Encryption) does not provide any message level security for the SOAP headers
Last modified: 2005-08-31 09:19:41
You need to
before you can comment on or make changes to this bug.
When Secure Conversation Encryption is enabled for a service/resource
invocation, the headers of the SOAP messages is not signed or encrypted.
So, there is no confidentiality or integrity provided for the headers.