Posted to java-user@axis.apache.org by pa...@hss.hns.com on 2004/07/01 10:25:41 UTC
RE: Signed SOAP messages
Thanks Anne for your explanation.
I came across this article today, which explains the need for both (SSL
and SOAP digital signature):
http://www-106.ibm.com/developerworks/webservices/library/ws-soapsec/
regards,
Parag.
******************************************************************************************************
Digital signature is used for authentication, message integrity, and
non-repudiation.
SSL supports authentication and message confidentiality.
Digital signature is an application-level security measure, which supports
end-to-end security. It works regardless of the number of hops between
originating sender and ultimate receiver. Digital signature can also be
used as an additional form of identification for authentication. (For
sensitive resources, you may require multiple forms of identification –
something you have [a key]; something you know [a password], and something
you are [a biometric feature]. Digital signature proves that you have a
key.)
SSL is a network-level security measure, which supports point-to-point
security. It works between two network endpoints, but it becomes
compromised (or fails completely) if the message needs to be routed
through multiple intermediaries. SSL authentication offers strong
authentication (based on a key), but the key belongs to the last network
port – not necessarily the originating client.
Regards,
Anne
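The end-to-end property described in the message above, as an added example that is not part of the original post or of Axis. It signs the raw bytes of a constructed SOAP body with the JDK's `Signature` API instead of producing a real XML Signature, and the names `HopDemo`, `Envelope` and `relay` are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

// Added illustration: class, record and method names are hypothetical.
public class HopDemo {
    // What travels between hops: the body plus the originator's signature over it.
    record Envelope(byte[] body, byte[] signature) {}

    static Envelope sign(String body, PrivateKey key) throws GeneralSecurityException {
        byte[] bytes = body.getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(bytes);
        return new Envelope(bytes, s.sign());
    }

    // The ultimate receiver checks against the originating sender's public key,
    // independent of whichever host delivered the message over SSL.
    static boolean verify(Envelope e, PublicKey originator) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(originator);
        s.update(e.body());
        return s.verify(e.signature());
    }

    // An intermediary ends the inbound transport session and opens a new one, so
    // the transport-level peer seen by the next hop is the intermediary itself.
    static Envelope relay(Envelope in, boolean modifyBody) {
        if (!modifyBody) return in;
        String changed = new String(in.body(), StandardCharsets.UTF_8).replace("100", "900");
        return new Envelope(changed.getBytes(StandardCharsets.UTF_8), in.signature());
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair sender = gen.generateKeyPair();

        // Constructed sample body, not taken from the thread.
        String body = "<soap:Body><transfer amount=\"100\"/></soap:Body>";
        Envelope sent = sign(body, sender.getPrivate());

        Envelope unchanged = relay(relay(sent, false), false); // two hops, body untouched
        Envelope changed = relay(relay(sent, true), false);    // first hop alters the body

        System.out.println("unchanged after two hops verifies: " + verify(unchanged, sender.getPublic()));
        System.out.println("changed at first hop verifies: " + verify(changed, sender.getPublic()));
    }
}
```

The nested record requires Java 16 or later. A real deployment would sign the canonicalized XML as WS-Security does, since intermediaries may legitimately re-serialize the envelope.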