Chapter 7 Security
331
tomer relations, message brokers, supplier only the appropriate participants,
such as a financial department, can read the encrypted information. You could also
apply different security mechanisms, such as different encryption algorithms, to
various parts of a message, ensuring that only intended recipients can decrypt
those parts of the message. Finer grained control also supports intermediaries
whose processing requires access to a small part of the message data, such as
intermediaries that route messages to appropriate recipients. 
7.4.2.4
Maturity of the Security Technologies
Message level security is still an emerging technology, with relatively new specifi 
cations, some of which are not yet standardized. Moreover, these new specifications
may not completely cover all security considerations. 
HTTP over SSL is a mature, widely used and well understood standard technol 
ogy. It is a technology that has been analyzed extensively and has held up against
varied security threats. This technology supports both client and server authentica 
tion, data integrity, data confidentiality, and point to point secure sessions. The
J2EE 1.4 platform relies on this technology to provide Web service interactions with
standard portable and interoperable support.
Keep in mind that message level security mechanisms are designed to inte 
grate with existing security mechanisms, such as transport security, public key
infrastructure (PKI), and X.509 certificates. You can also use both message level
security and transport layer security together to satisfy your security requirements.
For example, you might use a message level digital signature while at the same
time exchanging the message using HTTP over SSL.
7.4.3 Emerging Message Level Security Standards 
Since it is a new technology, there are a number of emerging standards for message 
level security. These new specifications, which are part of the Organization for the
Advancement of Structured Information Standards (OASIS), the World Wide Web
Consortium (W3C), the Internet Engineering Task Force (IETF), and other stan 
dards bodies, concentrate on message level security for XML documents. New Java
APIs are also emerging to support these industry Web service security standards.
These APIS are developed as Java Specification Requests (JSRs) through the Java
Community Process, and future versions of the Java platform may include them.
The emerging specifications address security issues such as identity, secu 
rity tokens and certificates, authentication, authorization, encryption, message






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

 

Our web partners: Inexpensive Web Hosting Java Web Hosting personal webspace webspace php  linux webhost

 html web templates DreamweaverQuality Web Templates PSD Web Templates

cheap webhost j2ee web Hosting buy webspace ftp webspace adult webspace

frontpage WebHosting webspace hosting cheap webhost

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved

aol web hosting