• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
  • Ron McLeod
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Frits Walraven
  • Tim Holloway
  • Carey Brown
  • Piet Souris
  • salvin francis
  • fred rosenberger

Message Level Security

Ranch Hand
Posts: 34
Mac IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

Can someone please let me know what are the topics that are included in "message level security" with regards to certification, as I am getting loads of different results on googling, so would like to keep the topic scope to certification only. I found that following topics discuss message level security but it looks like a very huge topic in itself, can you help me narrow down the scope.

- Configuring Message Security Using XWSS
 XML Encryption
 XML Digital signature API
 XKMS (XML Key Management Specification)
 SAML (Security Assertion Markup Language)
- XML Digital Sinature API

Ranch Foreman
Posts: 1905
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do you have Ivan Krizsan's version 5 of the exam study guide? If not, you can sign up a free slideshare.com account to download one.
In Ivan's notes, he talks about message level security vs HTTPS.
- encrypt the whole message
- intermediate nodes cannot decrypt the whole message and that is why the message cannot be sent via intermediate nodes.
- message is decrypted once it leaves the wire. Security is not guaranteed at the time it arrives at the receiver.

Message level security:
- encrypt only part(s) of the message
-intermediate nodes don't need to decrypt those parts and can still process other part(s) the nodes understand.
- message is encrypted when it leaves the wire. Security is guaranteed.

For those topics:
Configuring Message Security Using XWSS
-XML Encryption - need to know WS-Security uses it to encrypt a message, read MZ's notes version 5 for detail.
-XML Digital signature API - need to know enveloping signature, enveloped signature, detached signature
-KMS (XML Key Management Specification) - manage key's creation, recovery, register...
-SAML (Security Assertion Markup Language) - need to know it is used for single sign on (sso), authentication and authorization.
-XACML - for access control (authorization)
Hang a left on main. Then read this tiny ad:
Devious Experiments for a Truly Passive Greenhouse!
    Bookmark Topic Watch Topic
  • New Topic