Posted to java-user@axis.apache.org by pa...@hss.hns.com on 2004/07/01 10:25:41 UTC

RE: Signed SOAP messages

Thanks Anne for your explanation. 

I came across this article today, which explains the need for both (SSL 
and SOAP digital signature)

http://www-106.ibm.com/developerworks/webservices/library/ws-soapsec/

regards,
Parag.

******************************************************************************************************

Digital signature is used for authentication, message integrity, and 
non-repudiation. 

SSL supports authentication and message confidentiality.
 
Digital signature is an application-level security measure, which supports 
end-to-end security. It works regardless of the number of hops between 
originating sender and ultimate receiver. Digital signature can also be 
used as an additional form of identification for authentication. (For 
sensitive resources, you may require multiple forms of identification – 
something you have [a key]; something you know [a password], and something 
you are [a biometric feature]. Digital signature proves that you have a 
key.) 
 
SSL is a network-level security measure, which supports point-to-point 
security. It works between two network endpoints, but it becomes 
compromised (or fails completely) if the message needs to be routed 
through multiple intermediaries. SSL authentication offers strong 
authentication (based on a key), but the key belongs to the last network 
port – not necessarily the originating client.
 
Regards,
Anne
