• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Message Level Security

 
Ranch Hand
Posts: 34
Mac IntelliJ IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

Can someone please let me know what are the topics that are included in "message level security" with regards to certification, as I am getting loads of different results on googling, so would like to keep the topic scope to certification only. I found that following topics discuss message level security but it looks like a very huge topic in itself, can you help me narrow down the scope.

- Configuring Message Security Using XWSS
 XML Encryption
 XML Digital signature API
 XKMS (XML Key Management Specification)
 SAML (Security Assertion Markup Language)
- XML Digital Sinature API

Thanks
 
Bartender
Posts: 2418
13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Do you have Ivan Krizsan's version 5 of the exam study guide? If not, you can sign up a free slideshare.com account to download one.
In Ivan's notes, he talks about message level security vs HTTPS.
HTTPS:
- encrypt the whole message
- intermediate nodes cannot decrypt the whole message and that is why the message cannot be sent via intermediate nodes.
- message is decrypted once it leaves the wire. Security is not guaranteed at the time it arrives at the receiver.

Message level security:
- encrypt only part(s) of the message
-intermediate nodes don't need to decrypt those parts and can still process other part(s) the nodes understand.
- message is encrypted when it leaves the wire. Security is guaranteed.

For those topics:
Configuring Message Security Using XWSS
-XML Encryption - need to know WS-Security uses it to encrypt a message, read MZ's notes version 5 for detail.
-XML Digital signature API - need to know enveloping signature, enveloped signature, detached signature
-KMS (XML Key Management Specification) - manage key's creation, recovery, register...
-SAML (Security Assertion Markup Language) - need to know it is used for single sign on (sso), authentication and authorization.
-XACML - for access control (authorization)
 
If you open the box, you will find Heisenberg strangling Shrodenger's cat. And waving this tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic