Web Services Security X.509 Certificate Token Profile 1.1

This specification describes the use of the X.509 authentication framework with the Web Services Security: SOAP Message Security specification [WS-Security].

An X.509 certificate specifies a binding between a public key and a set of attributes that includes 107 (at least) a subject name, issuer name, serial number and validity interval.

This binding may be 108 subject to subsequent revocation advertised by mechanisms that include issuance of CRLs, OCSP tokens or mechanisms that are outside the X.509 framework, such as XKMS.

An X.509 certificate may be used to validate a public key that may be used to authenticate a SOAP message or to identify the public key with a SOAP message that has been encrypted.