Should the SOAP header be specified in the XSD?

I am writing a web service, thus also writing an XSD to pass to the appropriate collegues to tell them what the web service expects. The service has a SOAP header which contains some security information for authentication. Should this be specified in the XSD? If so, is it simply specified lik开发者_运维知识库e other body elements?

Thanks in advance.

There are a couple ways to answer this.

It's true that the WSDL needs to specify some information about what you expect in the Soap header. However, if this information is structured according to some custom schema, then that should be encoded in a schema (probably separate from the schema that defines your body elements) and referenced from the WSDL.

I would also say that if you're planning on specifying authentication information in the header, you shouldn't reinvent the wheel. Use the schema and structures defined for WS-Security. Although you can specify quite complex structures with WS-Security, just specifying a principal and credential is relatively simple.