Why Web Service security is so important nowadays
SSL Limitations:
To learn more on this please read the references below.
Reference: http://bit.ly/1Nvo1Vt
- Interaction between communicating partners increasing from Intranet to Internet
- Communicating partners are more likely to interact with each other without need for establishing business or human relationship first.
- Program to program communication increases.
- Large number of interactions.
SSL Limitations:
- SSL is point to point - where as we need end 2 end security, as typical enterprise application has multiple layers.
- SSL is transport layer security - not message level security - data in disk cannot be protected by ssl
- HTTPS - does not support nonrepudiation well - critical for business
- server can prove that a completed transaction was requested by a client (in case a dispute arises)
- SSL does not support element wise signing - i.e. sign only the credit card details of the entire message.
- XML digital signature - is a mathematical scheme to make sure
- authentication, data integrity (tamper-proofing), and nonrepudiation
- canonicalization of XML documents
- provides a flexible means of signing and supports diverse sets of Internet transaction models
- XML Encryption
- XML syntax for representing encrypted data and to establish procedures for encrypting and decrypting such data
- for eg: only the credit card data is encrypted
- XKMS (XML Key Management Specification)
- XKISS (XML Key Information Service Specification) and XKRSS (XML Key Registration Service Specification)
- XACML (Extensible Access Control Markup Language)
- SAML (Secure Assertion Markup Language)
- WS-Security (Web Services Security)
- ebXML Message Service
- The Liberty Alliance Project
To learn more on this please read the references below.
Reference: http://bit.ly/1Nvo1Vt
No comments:
Post a Comment