Adding Signature Confirmation

The WS-Security 1.1 <SignatureConfirmation> feature enables a web client to ensure that a received SOAP message was generated in response to the original request sent by the web client. The client request is typically signed but does not have to be. In this mechanism, the web service adds a <SignatureConfirmation> element to the security header element, and the web client can check that <SignatureConfirmation> element.

For a web service, to add a <SignatureConfirmation> element to the security header element:

Call the WSAddSignatureConfirmation() method of the web service. For the argument, specify the main signature of the security header element. For example:
```
 do ..WSAddSignatureConfirmation(sig)
```
Send the SOAP message as usual. See the general comments in Adding Security Header Elements.

This method adds WS-Security 1.1 <SignatureConfirmation> elements to the outbound message. It adds a <SignatureConfirmation> element to the SecurityOut property for each <Signature> received in SecurityIn.

If SecurityIn does not include a signature, then a <SignatureConfirmation> element is added with no Value attribute, as required by WS-Security 1.1.

For information on validating <SignatureConfirmation> elements, see Checking the Signature Confirmation.

Specifying the Canonicalization Method for <KeyInfo>