Message-Level Web Service Security
A guarding component can make application security more manageable by
centralizing security access to a set of components in a single component.
7.4 Message-Level Web Service Security
Message-level security, or securing Web services at the message level, addresses the
same security requirements (identity, authentication, authorization, integrity,
confidentiality, non-repudiation, and basic message exchange) as traditional Web
security. Both traditional Web and message-level security share many of the same
mechanisms for handling security, including digital certificates, encryption, and
digital signatures. Today, new mechanisms and standards are emerging that make it
not only possible but easier to implement message-level security.
Traditional Web security mechanisms, such as HTTPS, may be insufficient to
manage the security requirements of all Web service scenarios. For example,
when an application sends a document with JAX-RPC using HTTPS, the message
is secured only for the HTTPS connection, that is, during the transport of the
document between the service requester (the client) and the service. However, the
application may require that the document data be secured beyond the HTTPS
connection, or even beyond the transport layer. By securing Web services at the
message level, message-level security is capable of meeting these expanded
requirements.
7.4.1 Understanding Message-Level Security
Message-level security, which applies to XML documents sent as SOAP messages,
makes security part of the message itself by embedding all required security
information in a message's SOAP header. In addition, message-level security can apply
security mechanisms, such as encryption and digital signature, to the data in the
message itself.
With message-level security, the SOAP message itself either contains the
information needed to secure the message or it contains information about where
to get that information to handle security needs. The SOAP message also contains
information relevant to the protocols and procedures for processing the specified
message-level security. However, message-level security is not tied to any
particular transport mechanism: since they are part of the message, the security
mechanisms are independent of a transport protocol such as HTTPS.
JAX-RPC hides the details of a SOAP message exchange, but, to understand
message-level security, it's helpful to examine a SOAP message in more detail.
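The following sketch is an added example, not code from the original text. It shows a SOAP header carrying the integrity data for the body, so the receiver can check the message after an intermediary has re-serialized it and the HTTPS hop has ended. It uses a shared-key HMAC in place of an XML digital signature to stay short; the `urn:example` namespaces, the element names `Security`, `KeyName` and `BodyMac`, the key, and the sample order are all constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
SEC = "urn:example:demo-security"                   # hypothetical header namespace
KEYS = {"partner-a": b"constructed-demo-key"}       # constructed shared key
ORDER = '<po:Order xmlns:po="urn:example:po"><po:Total>100</po:Total></po:Order>'

def body_mac(env, key):
    """HMAC-SHA256 over the canonical XML of the SOAP Body."""
    body = ET.tostring(env.find(f"{{{SOAP}}}Body"), encoding="unicode")
    canonical = ET.canonicalize(body, rewrite_prefixes=True)
    digest = hmac.new(key, canonical.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def protect(payload_xml, key_name):
    """Wrap the payload in an envelope whose header carries the security data."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    ET.SubElement(env, f"{{{SOAP}}}Body").append(ET.fromstring(payload_xml))
    sec = ET.SubElement(header, f"{{{SEC}}}Security")
    ET.SubElement(sec, f"{{{SEC}}}KeyName").text = key_name  # where to get the key
    ET.SubElement(sec, f"{{{SEC}}}BodyMac").text = body_mac(env, KEYS[key_name])
    return ET.tostring(env, encoding="unicode")

def relay(message):
    """An intermediary hop: parse and re-serialize, as after TLS has ended."""
    return ET.tostring(ET.fromstring(message), encoding="unicode")

def verify(message):
    """Check the body against the header, using nothing from the transport."""
    env = ET.fromstring(message)
    sec = env.find(f"{{{SOAP}}}Header/{{{SEC}}}Security")
    if sec is None or env.find(f"{{{SOAP}}}Body") is None:
        return False
    key = KEYS.get(sec.findtext(f"{{{SEC}}}KeyName"))
    mac = sec.findtext(f"{{{SEC}}}BodyMac")
    if key is None or mac is None:
        return False
    return hmac.compare_digest(mac.encode(), body_mac(env, key).encode())

if __name__ == "__main__":
    msg = relay(protect(ORDER, "partner-a"))
    print(verify(msg), verify(msg.replace(">100<", ">999<")))
```

Canonicalizing the body before computing the MAC is what lets the check survive the relay's re-serialization, while a change to the order total still fails verification.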