Chapter 7 Security
331
tomer relations, message brokers, supplier only the appropriate participants,
such as a financial department, can read the encrypted information. You could also
apply different security mechanisms, such as different encryption algorithms, to
various parts of a message, ensuring that only intended recipients can decrypt
those parts of the message. Finer grained control also supports intermediaries
whose processing requires access to a small part of the message data, such as
intermediaries that route messages to appropriate recipients.
7.4.2.4
Maturity of the Security Technologies
Message level security is still an emerging technology, with relatively new specifi
cations, some of which are not yet standardized. Moreover, these new specifications
may not completely cover all security considerations.
HTTP over SSL is a mature, widely used and well understood standard technol
ogy. It is a technology that has been analyzed extensively and has held up against
varied security threats. This technology supports both client and server authentica
tion, data integrity, data confidentiality, and point to point secure sessions. The
J2EE 1.4 platform relies on this technology to provide Web service interactions with
standard portable and interoperable support.
Keep in mind that message level security mechanisms are designed to inte
grate with existing security mechanisms, such as transport security, public key
infrastructure (PKI), and X.509 certificates. You can also use both message level
security and transport layer security together to satisfy your security requirements.
For example, you might use a message level digital signature while at the same
time exchanging the message using HTTP over SSL.
7.4.3 Emerging Message Level Security Standards
Since it is a new technology, there are a number of emerging standards for message
level security. These new specifications, which are part of the Organization for the
Advancement of Structured Information Standards (OASIS), the World Wide Web
Consortium (W3C), the Internet Engineering Task Force (IETF), and other stan
dards bodies, concentrate on message level security for XML documents. New Java
APIs are also emerging to support these industry Web service security standards.
These APIS are developed as Java Specification Requests (JSRs) through the Java
Community Process, and future versions of the Java platform may include them.
The emerging specifications address security issues such as identity, secu
rity tokens and certificates, authentication, authorization, encryption, message
footer
Our web partners:
Inexpensive
Web Hosting
Java Web Hosting
personal webspace
webspace php
linux webhost
html web templates
DreamweaverQuality Web Templates
PSD Web Templates
cheap webhost
j2ee web Hosting
buy webspace
ftp webspace
adult webspace
frontpage WebHosting
webspace hosting
cheap webhost
Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved
aol web hosting