About encrypting a SOAPHeader in either interaction layer or processing layer
posted 3 years ago
In EPractice lab, a question "A web service needs to encrypt certain SOAP headers when responding."
Which is true?
a. The web service interaction layer is the appropriate place for such encryption.
b. The web service processing layer is the appropriate place for such encryption
c. Either the web service interaction or processing layer is appropriate for such encryption.
d. Neither the web service interaction nor processing layer is appropriate for such encryption.
I believe the answer should be c.
According to Ivan's notes:
Responsibility of service interaction layer:
- generate and send responses to client
Responsibility of processing layer:
- contain all business logic
-generate data to be sent with the response to the client, if a response is to be given.
I think it is fine to encrypt the header when the response is to be generated in the interaction layer. It is also fine to consider the encryption should be done in the business logic implementation.