• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SCEA Assignment - Securing communication with an external system

 
Arnold Reuser
Ranch Hand
Posts: 196
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Assume communication with an external system, that is not under my control, is required.
Because of the sensitivity of the information communicated I would like to assume two-way SSL is required.

My question is whether this assumption is not too exotic.
This because the external system has to accept and use the provided SSL certificate during communication.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 35279
384
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think that assumption is fine. Secure web services is a perfectly normal thing to do.
 
Arnold Reuser
Ranch Hand
Posts: 196
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just for future reference. If you would like to have more detail on this :

Facing web services security challenges as identified by WS-I Security Challanges.
The practices in the Guide to Secure Web Services provided by the National Institute of Standards and Technology have extensive detail on the threats mitigated by a given standard; summarized in the matrix provided below. Based on this matrix two-way SSL could be, based on the threats identified, a solution.


threats_addressed.png
[Thumbnail for threats_addressed.png]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic