SCJP J2SE 1.4<br />SCBCD J2EE 1.3
How can we make sure that our web service is secure? Would using SSL with Client authentication be sufficient? I have been reading a few articles around XML Digital Signatures and XML Encryption/SAML ...etc but this all seems to be message-level security and I don't feel that those technologies are relevant.
SCJP J2SE 1.4<br />SCBCD J2EE 1.3
SCJP J2SE 1.4<br />SCBCD J2EE 1.3
Jait Thomas
SCJP 1.2, SCWCD, SCDJWS 1.4 & 5, SCBCD 5
SCJP J2SE 1.4<br />SCBCD J2EE 1.3
I cannot see what WSS offers that cannot be accomplished through SSL
the identity of the caller can be verified through a client digital certificate which is registered at the server-side trust store.
SSL encryption -being a transport-level protocol- ends the moment the request arrives at the web server (or SSL terminator); from then on, the data is unencrypted.
It takes a certain effort to add a certificate to the truststore for each client; WSS authentication would allow you to work with a DB (or LDAP) repository.
SCJP J2SE 1.4<br />SCBCD J2EE 1.3
Hey! Wanna see my flashlight? It looks like this tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
|