Message Level Web Service Security
In summary, message level security technology lets you embed into the
message itself a range of security mechanisms, such as identity and security
tokens and certificates, and message encryption and signature mechanisms. The
technology associates this security information with the message and can process
and apply the specified security mechanisms. Message level security uses
encryption, and it uses a digital signature to bind the claims (the identity
attributes from a security token) to message content. It is possible to layer
additional functionality on top of these basic mechanisms.
7.4.2 Comparing Security Mechanisms
JAX-RPC over SSL (discussed in "Security for Web Service Interactions" on
page 308) primarily concerns securing peer to peer communication. It relies on
HTTP over SSL to create a secure channel between two peers.
Message level security takes a different approach, since it embeds the security
information within each message. Message level security has different
characteristics from SSL security. Let's compare these two approaches.
7.4.2.1 Transport Layer Security and SOAP Messages
The HTTP over SSL protocol is a transport layer security mechanism that applies
security protection to messages only when they are on the wire, that is, during
transport. A message is encrypted and thus protected while it is on the wire.
However, the message data is decrypted at the transport layer boundary. At that
point, the message is unprotected and vulnerable while it is passed to other system
layers, whether operating system, application server, or J2EE application layers.
Thus, the duration of protection using HTTP is the lifetime of the message on the
wire at the transport layer.
Message level security not only persists beyond the transport layer, it lasts for
as long as the XML content is perceived as a SOAP message. Since the security is
applied to the SOAP message, the protection remains and the security information
is available to the application server container and to applications that have access
to SOAP messages through mechanisms and APIs such as JAX-RPC handlers and
SAAJ. The duration of protection for message level security is the lifetime of the
SOAP message, and this can span the transport boundary.
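
The following Java sketch is an added example, not code from the original text. It signs a constructed SOAP envelope with an enveloped XML signature and verifies it at the point where an SSL channel would already have been terminated. The class name, sample message, and key pair are assumptions, and the signature is placed directly in the SOAP header rather than in a WS-Security header block.

```java
import java.io.StringReader;
import java.security.*;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class MessageLevelDemo {
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    // Constructed sample message; the body element names and values are illustrative.
    static final String MSG = "<soap:Envelope xmlns:soap=\"" + SOAP_NS + "\"><soap:Header/>"
        + "<soap:Body><order><item>widget</item><qty>1</qty></order></soap:Body></soap:Envelope>";

    public static void main(String[] args) throws Exception {
        // Hypothetical sender key pair; in practice the key comes from a security token.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair sender = kpg.generateKeyPair();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(MSG)));

        // Sender side: enveloped signature over the whole envelope, stored in the header.
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        Reference ref = f.newReference("", f.newDigestMethod(DigestMethod.SHA256, null),
            List.of(f.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            f.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        Node header = doc.getElementsByTagNameNS(SOAP_NS, "Header").item(0);
        f.newXMLSignature(si, null).sign(new DOMSignContext(sender.getPrivate(), header));

        // Receiver side, past the transport boundary: SSL no longer protects the
        // message here, but the signature still travels inside it.
        System.out.println("intact:   " + verify(f, doc, sender.getPublic()));
        // A change made after transport decryption breaks the reference digest.
        doc.getElementsByTagName("qty").item(0).setTextContent("1000");
        System.out.println("tampered: " + verify(f, doc, sender.getPublic()));
    }

    static boolean verify(XMLSignatureFactory f, Document doc, PublicKey key) throws Exception {
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(key, sig);
        return f.unmarshalXMLSignature(ctx).validate(ctx);
    }
}
```

The first check passes and the second fails, because the signature value and reference digest are carried in the message and are recomputed over its content at verification time.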
Message level security has other advantages in addition to providing a longer
duration of protection. Because security is part of the SOAP message, applications
can support Web service interactions that require maintaining protection through