Chapter 7 Security
329
out the entire system or into the application layer. Having security as part of the message also makes it possible to persist both the message data and its security information. For example, to prove that a message was sent, an application may need to persist the message data together with the digital signature bound to the message. Or, to protect against internal threats, an application may need to keep data in a SOAP message confidential, even to the application layer. HTTPS, since it only protects a message during transport, cannot give the application layer this encryption protection for the data.
7.4.2.2 Peer Entity and Data Origin Authentication
There are two kinds of authentication in a network: peer entity authentication and data origin authentication. With peer entity authentication, the security service verifies that the identity of a peer in an association, such as a session between a sender and receiver, is the identity claimed. Note that there must be an association between the two parties.
Data origin authentication verifies that the original source of a received message is as claimed, but, unlike peer entity authentication, it requires no association between the sender and receiver. With data origin authentication, a target receiver can verify that a message originated from the claimed message creator even if the message passes from its initial source through multiple participants before arriving at the target receiver.
A Web service interaction that uses HTTPS supports peer entity authentication, because the interaction covers just the connection between two peers. Message-level security supports data origin authentication, since its security is tied to the SOAP message itself rather than to the transport mechanism.
Using HTTPS is disadvantageous in multi-hop scenarios where a message passes through numerous intermediate participants between the initial sender and the target receiver, because each message exchange requires establishing a new association between the communicating participants. Furthermore, SSL requires that each participant decrypt each received message, then encrypt the same message again before transmitting it to the next participant in the workflow, so every intermediary handles the message in plaintext. SSL, relying on peer entity authentication, does not support end-to-end multi-hop message exchange. (See Figure 7.6.)
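The following added example (not from the book) illustrates the multi-hop point above: a data-origin authenticator bound to the message body survives forwarding through intermediaries, and the final receiver can still verify the original sender, or detect that an intermediary altered the body. It uses an HMAC with a constructed shared key as a stand-in for the XML digital signature a real WS-Security deployment would use; the function names, the two hop names and the sample order body are all constructed for the demonstration.

```python
import hmac
import hashlib
import json

# Constructed demo key shared by the original sender and the final receiver.
# Stand-in for the sender's signing key; a real deployment would use an
# asymmetric XML digital signature so the receiver can also prove origin to others.
ORIGIN_KEY = b"constructed-demo-key-do-not-reuse"


def canonical(body: dict) -> bytes:
    """Serialize the body deterministically so every hop authenticates the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_message(body: dict, key: bytes) -> dict:
    """Bind a data-origin authenticator to the message itself (message-level security).
    Body and tag travel (and can be persisted) together, independent of the transport."""
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "route": [], "signature": tag}


def forward(msg: dict, hop: str) -> dict:
    """An intermediary appends routing information but leaves body and signature intact."""
    return {**msg, "route": msg["route"] + [hop]}


def verify_origin(msg: dict, key: bytes) -> bool:
    """Receiver checks the authenticator against the body, whatever path the message took."""
    expected = hmac.new(key, canonical(msg["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["signature"])


def multi_hop_demo(tamper: bool) -> tuple[bool, list[str]]:
    """Send a message through two intermediaries; optionally the first one alters the body."""
    msg = sign_message({"order": 1234, "amount": "99.00"}, ORIGIN_KEY)
    msg = forward(msg, "gateway")
    if tamper:
        # A hop-by-hop transport (SSL) would not reveal this change to the receiver;
        # the message-level authenticator does.
        msg = {**msg, "body": {**msg["body"], "amount": "9900.00"}}
    msg = forward(msg, "partner-broker")
    return verify_origin(msg, ORIGIN_KEY), msg["route"]


if __name__ == "__main__":
    print(multi_hop_demo(tamper=False))  # (True, ['gateway', 'partner-broker'])
    print(multi_hop_demo(tamper=True))   # (False, ['gateway', 'partner-broker'])
```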