330
Message Level Web Service Security
Workflow participants using HTTPS
authenticate
authenticate
authenticate
A
B
C
D
Figure 7.6
Authentication Between Point to Point Participants
Web service scenarios that pass messages to multiple participants lend them 
selves to using message level security. Since message level security is based on
data origin authentication, an application that passes messages to numerous inter 
mediary participants on the way to the target recipient can verify, at each interme 
diary point and at the final target recipient, that the initial message creator identity
associated with the message is as claimed. In other words, the initial message
content creator's identity moves with the message through the chain of recipients. 
7.4.2.3
Levels of Granularity
In addition to handling end to end use cases, message level security can provide
security at a more granular level than HTTPS. The ability to apply security at differ 
ent levels of granularity is important. Consider scenarios that handle XML docu 
ments, which are composed of a nested hierarchy of elements and subelements
making them inherently granular. Message level security, which is XML aware, can
be more flexible in applying security mechanisms to a message than HTTPS. 
For example, suppose you need to encrypt only certain elements or fragments
of an XML document to be sent as a SOAP message. If you use HTTPS, you
essentially encrypt the entire SOAP message since HTTPS encrypts everything
passed on the wire. If you use message level security, you can encrypt just a
portion of the XML document, then send a SOAP message that is partially
encrypted. Since encryption is computationally intensive, encrypting an entire
document (particularly a large one) can impact performance. 
Message level security's finer grained control in applying security protections
is useful in common Web service interactions, such as end to end scenarios. You
can apply different security to portions of a document so that participants in a
workflow may only access those fragments applicable to their separate functions.
For example, an application handling purchase orders may encrypt just credit card
information. As the order passes among numerous workflow participants cus 






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

 

Our web partners: Inexpensive Web Hosting Java Web Hosting personal webspace webspace php  linux webhost

 html web templates DreamweaverQuality Web Templates PSD Web Templates

cheap webhost j2ee web Hosting buy webspace ftp webspace adult webspace

frontpage WebHosting webspace hosting cheap webhost

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved

aol web hosting