• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Message Level Security

 
Mujahed Syed
Ranch Hand
Posts: 34
IntelliJ IDE Java Mac
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

Can someone please let me know what are the topics that are included in "message level security" with regards to certification, as I am getting loads of different results on googling, so would like to keep the topic scope to certification only. I found that following topics discuss message level security but it looks like a very huge topic in itself, can you help me narrow down the scope.

- Configuring Message Security Using XWSS
 XML Encryption
 XML Digital signature API
 XKMS (XML Key Management Specification)
 SAML (Security Assertion Markup Language)
- XML Digital Sinature API

Thanks
 
Himai Minh
Ranch Hand
Posts: 1359
7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do you have Ivan Krizsan's version 5 of the exam study guide? If not, you can sign up a free slideshare.com account to download one.
In Ivan's notes, he talks about message level security vs HTTPS.
HTTPS:
- encrypt the whole message
- intermediate nodes cannot decrypt the whole message and that is why the message cannot be sent via intermediate nodes.
- message is decrypted once it leaves the wire. Security is not guaranteed at the time it arrives at the receiver.

Message level security:
- encrypt only part(s) of the message
-intermediate nodes don't need to decrypt those parts and can still process other part(s) the nodes understand.
- message is encrypted when it leaves the wire. Security is guaranteed.

For those topics:
Configuring Message Security Using XWSS
-XML Encryption - need to know WS-Security uses it to encrypt a message, read MZ's notes version 5 for detail.
-XML Digital signature API - need to know enveloping signature, enveloped signature, detached signature
-KMS (XML Key Management Specification) - manage key's creation, recovery, register...
-SAML (Security Assertion Markup Language) - need to know it is used for single sign on (sso), authentication and authorization.
-XACML - for access control (authorization)
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic