Questionmark's Open Assessment Platform

In-built security

The internal security of QMWISe is provided by using SOAP headers in the request and response messages. SOAP headers are part of the data model. These headers can be enabled or disabled with configuration settings.

The SOAP header for both request and response headers has the form:

<soap:Header>

<Security xmlns="http://questionmark.com/QMWIS/">

<ClientID>String</ClientID>

<Checksum>String</Checksum>

</Security>

</soap:Header>

The use of the ClientID and Checksum parameters are described below for the SOAP request header and the SOAP response header.

The Checksum is a Message Digest 5 (MD5) checksum calculated from a string formed by concatenating the ClientID above with the encrypted password for the administrator.

For more information on header information, refer to QMWISe header information. For more information on MD5 checksums, please refer to:

www.w3.org/TR/1998/REC-DSig-label/MD5-1_0

The SOAP request header

In the header for a SOAP request message, the ClientID must be a valid Perception administrator name. The administrator must have permission to change the server configuration.

The QMWISe software is installed with the QMWISe test harness that includes a utility for generating the checksum from an administrator name and their password.

A typical SOAP request header would be:

<soap:Header>

<Security xmlns="http://questionmark.com/QMWIS/">

<ClientID>User1</ClientID>

<Checksum>e0659c4bc447ee94eaba79ae1c2369c0</Checksum>

</Security>

</soap:Header>

Permission to change server configuration

This is set when the administrator is created or edited:

The option Server Configuration must be checked in Enterprise Manager for the administrator user you intend to use with QMWISe.

In the header for a SOAP response message, the ClientID must be the URL of the web service itself.

A typical SOAP response header would be as follows:

<soap:Header>

<Security xmlns="http://questionmark.com/QMWIS/">

<ClientID>http://perceptionserver/qmwise5/qmwis.asmx</ClientID>

<Checksum>f60412a2dc05382a3db4fdd586dea91c</Checksum>

</Security>

</soap:Header>