326
Message Level Web Service Security
A guarding component can make application security more manageable by 
centralizing security access to a set of components in a single component.
7.4
Message Level Web Service Security
Message level security, or securing Web services at the message level, addresses the
same security requirements identity, authentication, authorization, integrity,
confidentiality, non repudiation, and basic message exchange as traditional Web
security. Both traditional Web and message level security share many of the same
mechanisms for handling security, including digital certificates, encryption, and
digital signatures. Today, new mechanisms and standards are emerging that make it
not only possible but easier to implement message level security. 
Traditional Web security mechanisms, such as HTTPS, may be insufficient to
manage the security requirements of all Web service scenarios. For example,
when an application sends a document with JAX RPC using HTTPS, the message
is secured only for the HTTPS connection, that is, during the transport of the doc 
ument between the service requester (the client) and the service. However, the
application may require that the document data be secured beyond the HTTPS
connection, or even beyond the transport layer. By securing Web services at the
message level, message level security is capable of meeting these expanded
requirements. 
7.4.1 Understanding Message Level Security 
Message level security, which applies to XML documents sent as SOAP messages,
makes security part of the message itself by embedding all required security infor 
mation in a message's SOAP header. In addition, message level security can apply
security mechanisms, such as encryption and digital signature, to the data in the
message itself. 
With message level security, the SOAP message itself either contains the
information needed to secure the message or it contains information about where
to get that information to handle security needs. The SOAP message also contains
information relevant to the protocols and procedures for processing the specified
message level security. However, message level security is not tied to any particu 
lar transport mechanism: Since they are part of the message, the security mecha 
nisms are independent of a transport protocol such as HTTPS.
JAX RPC hides the details of a SOAP message exchange, but, to understand
message level security, it's helpful to examine a SOAP message in more detail.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

 

Our web partners: Inexpensive Web Hosting Java Web Hosting personal webspace webspace php  linux webhost

 html web templates DreamweaverQuality Web Templates PSD Web Templates

cheap webhost j2ee web Hosting buy webspace ftp webspace adult webspace

frontpage WebHosting webspace hosting cheap webhost

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved

aol web hosting