330
Message Level Web Service Security
Workflow participants using HTTPS
authenticate
authenticate
authenticate
A
B
C
D
Figure 7.6
Authentication Between Point to Point Participants
Web service scenarios that pass messages to multiple participants lend them
selves to using message level security. Since message level security is based on
data origin authentication, an application that passes messages to numerous inter
mediary participants on the way to the target recipient can verify, at each interme
diary point and at the final target recipient, that the initial message creator identity
associated with the message is as claimed. In other words, the initial message
content creator's identity moves with the message through the chain of recipients.
7.4.2.3
Levels of Granularity
In addition to handling end to end use cases, message level security can provide
security at a more granular level than HTTPS. The ability to apply security at differ
ent levels of granularity is important. Consider scenarios that handle XML docu
ments, which are composed of a nested hierarchy of elements and subelements
making them inherently granular. Message level security, which is XML aware, can
be more flexible in applying security mechanisms to a message than HTTPS.
For example, suppose you need to encrypt only certain elements or fragments
of an XML document to be sent as a SOAP message. If you use HTTPS, you
essentially encrypt the entire SOAP message since HTTPS encrypts everything
passed on the wire. If you use message level security, you can encrypt just a
portion of the XML document, then send a SOAP message that is partially
encrypted. Since encryption is computationally intensive, encrypting an entire
document (particularly a large one) can impact performance.
Message level security's finer grained control in applying security protections
is useful in common Web service interactions, such as end to end scenarios. You
can apply different security to portions of a document so that participants in a
workflow may only access those fragments applicable to their separate functions.
For example, an application handling purchase orders may encrypt just credit card
information. As the order passes among numerous workflow participants cus
footer
Our web partners:
Inexpensive
Web Hosting
Java Web Hosting
personal webspace
webspace php
linux webhost
html web templates
DreamweaverQuality Web Templates
PSD Web Templates
cheap webhost
j2ee web Hosting
buy webspace
ftp webspace
adult webspace
frontpage WebHosting
webspace hosting
cheap webhost
Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved
aol web hosting