328
Message-Level Web Service Security
In summary, message-level security technology lets you embed into the
message itself a range of security mechanisms, such as identity and security
tokens and certificates, and message encryption and signature mechanisms. The
technology associates this security information with the message and can process
and apply the specified security mechanisms. Message-level security uses
encryption, and it uses a digital signature to bind the claims (the identity
attributes) from a security token to message content. It is possible to layer
additional functionality on top of these basic mechanisms.
7.4.2 Comparing Security Mechanisms
JAX-RPC over SSL (discussed in "Security for Web Service Interactions" on
page 308) primarily concerns securing peer-to-peer communication. It relies on
HTTP over SSL to create a secure channel between two peers.
Message-level security takes a different approach, since it embeds the security
information within each message. Message-level security has different
characteristics from SSL security. Let's compare these two approaches.
7.4.2.1 Transport Layer Security and SOAP Messages
The HTTP over SSL protocol is a transport layer security mechanism that applies
security protection to messages only when they are "on the wire," that is, during
transport. A message is encrypted and thus protected while it is on the wire.
However, the message data is decrypted at the transport layer boundary. At that
point, the message is unprotected and vulnerable while it is passed to other system
layers, whether operating system, application server, or J2EE application layers.
Thus, the duration of protection using HTTP over SSL is the lifetime of the
message on the wire at the transport layer.
Message-level security not only persists beyond the transport layer, it lasts for
as long as the XML content is perceived as a SOAP message. Since the security is
applied to the SOAP message, the protection remains and the security information
is available to the application server container and to applications that have access
to SOAP messages through mechanisms and APIs such as JAX-RPC handlers and
SAAJ. The duration of protection for message-level security is the lifetime of the
SOAP message, and this can span the transport boundary.
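
The following is an added example, not code from the original text: a simplified Java model of a signature that binds a security token's claims to the message content and is still verifiable after the SSL channel has ended. The class name, the sample claims and body, and the choice of RSA with SHA-256 are assumptions made for illustration; a real WS-Security implementation signs canonicalized XML with XML Signature rather than raw strings.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

// Simplified model, not the WS-Security wire format: the signature covers the
// token's claims together with the SOAP body, so neither can change unnoticed.
public class MessageLevelDemo {
    // Constructed sample values for illustration.
    static final String CLAIMS = "subject=alice;role=purchaser";
    static final String BODY =
        "<soap:Body><order><item>42</item><qty>1</qty></order></soap:Body>";

    static byte[] signedBytes(String claims, String body) {
        // Length-prefix the claims so the claims/body boundary is unambiguous.
        return (claims.length() + ":" + claims + body).getBytes(StandardCharsets.UTF_8);
    }

    static byte[] sign(PrivateKey key, String claims, String body)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(signedBytes(claims, body));
        return s.sign();
    }

    static boolean verify(PublicKey key, String claims, String body, byte[] sig)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(signedBytes(claims, body));
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair sender = gen.generateKeyPair();
        byte[] sig = sign(sender.getPrivate(), CLAIMS, BODY);

        // The SSL channel ends at the transport boundary; from here on the message
        // is plaintext inside the server, but the signature still travels with it.
        String alteredBody = BODY.replace("<qty>1</qty>", "<qty>100</qty>");
        String alteredClaims = CLAIMS.replace("purchaser", "admin");

        PublicKey pub = sender.getPublic();
        System.out.println("intact message: " + verify(pub, CLAIMS, BODY, sig));
        System.out.println("altered body:   " + verify(pub, CLAIMS, alteredBody, sig));
        System.out.println("altered claims: " + verify(pub, alteredClaims, BODY, sig));
    }
}
```

The verification step is the kind of check a JAX-RPC handler can perform on the receiving side, since it sees the message after the transport layer has already decrypted it.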
Message-level security has other advantages in addition to providing a longer
duration of protection. Because security is part of the SOAP message, applications
can support Web service interactions that require maintaining protection through 





