Chapter 7 Security
out the entire system or into the application layer. Having security as part of the
message also makes it possible to persist both the message data and its security
information. For example, to prove that a message was sent, an application may need to persist the message data together with the digital signature bound to the message. Or, to protect against internal threats, an application may need to keep data in a SOAP message confidential, even to the application layer. HTTPS, since it only protects a message during transport, cannot give the application layer this encryption protection for the data.
7.4.2.2 Peer Entity and Data Origin Authentication
There are two kinds of authentication in a network: peer entity authentication and data origin authentication. With peer entity authentication, the security service verifies that the identity of a peer in an association, such as a session between a sender and a receiver, is the identity claimed. Note that there must be an association between the two parties.
Data origin authentication verifies that the original source of a received message is as claimed, but, unlike peer entity authentication, no association between the sender and receiver is required. With data origin authentication, a target receiver can verify that a message belongs to its original creator even if the message passes from its initial source through multiple participants before arriving at the target receiver.
A Web service interaction that uses HTTPS supports peer entity authentication, because the interaction covers just the connection between two peers. Message-level security supports data origin authentication, since its security is tied to the SOAP message itself rather than to the transport mechanism.
Using HTTPS is disadvantageous in multi-hop scenarios, where a message passes through numerous intermediate participants between the initial sender and the target receiver, because each message exchange requires establishing a new association between the communicating participants. Furthermore, SSL requires that each participant decrypt each received message, then encrypt the same message again before transmitting it to the next participant in the workflow. SSL, relying on peer entity authentication, does not support end-to-end multi-hop message exchange. (See Figure 7.6.)
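The multi-hop property described above, as an added example that is not from the book: a message-level tag bound to a SOAP-like body survives two forwarding hops that hold no keys, while a change made at either hop is detected by the target receiver, and the body plus its tag can be stored and re-verified later. It assumes an HMAC with a key shared by the originator and the target stands in for the digital signature (hypothetical names and a constructed message; WS-Security would use an XML signature instead).

```python
import hashlib
import hmac
import json

# Constructed demo key shared by the original sender and the target receiver
# (assumption: a real deployment would use a public-key XML signature).
ORIGIN_KEY = b"constructed-demo-key-for-origin-and-target"

def canonical(body: dict) -> bytes:
    # Stable serialisation so sender and receiver hash identical bytes
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_message(body: dict, key: bytes) -> dict:
    """Bind the security information to the message itself, not to a connection."""
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "origin": "sender", "signature": tag}

def verify_message(envelope: dict, key: bytes) -> bool:
    """Target receiver checks data origin; no association with the sender needed."""
    expected = hmac.new(key, canonical(envelope["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["signature"])

def intermediary_forward(envelope: dict, tamper: bool = False) -> dict:
    """One hop in the workflow: it holds no key and just passes the envelope on.
    Re-serialising models the message crossing a fresh transport connection."""
    forwarded = json.loads(json.dumps(envelope))
    if tamper:  # a compromised hop alters the payload in transit
        forwarded["body"]["amount"] = 99999
    return forwarded

def run_multi_hop(tamper: bool) -> bool:
    """Sender -> hop A -> hop B -> target; returns the target's verification result."""
    envelope = sign_message({"order": "A-1001", "amount": 250}, ORIGIN_KEY)
    envelope = intermediary_forward(envelope)
    envelope = intermediary_forward(envelope, tamper=tamper)
    return verify_message(envelope, ORIGIN_KEY)

def persist_evidence(envelope: dict) -> str:
    """Store message data and signature together so origin can be re-proved later."""
    return json.dumps(envelope, sort_keys=True)

def reload_evidence(stored: str) -> dict:
    """Read a persisted envelope back; verify_message() works on it unchanged."""
    return json.loads(stored)

if __name__ == "__main__":
    print("untampered multi-hop verifies:", run_multi_hop(False))  # True
    print("tampered at a hop verifies:", run_multi_hop(True))  # False
```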