ws-soap-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Geuer-Pollmann <geuer-pollm...@nue.et-inf.uni-siegen.de>
Subject RE: SOAP security
Date Wed, 09 Jan 2002 12:27:20 GMT
Currently, we're working an an interface between the xml-axis and 
xml-security projects.

What do you mean by "authentication of SOAP services sn under review" ?


Christian

--On Mittwoch, 9. Januar 2002 09:32 +0000 Edward Yeboah 
<edward@egsgroup.com> wrote:

> Actually, this is an area I am working on.
>
> However, our requirement is for permissioning of services to groups of
> client hosts.
>
> SSL simply ensures that the messages cannot be tapped.
>
> I believe authentication of SOAP services in under review.
>
> Edward
>
>> -----Original Message-----
>> From: Christian Geuer-Pollmann
>> [mailto:geuer-pollmann@nue.et-inf.uni-siegen.de]On Behalf Of Christian
>> Geuer-Pollmann
>> Sent: 02 January 2002 15:51
>> To: soap-dev@xml.apache.org
>> Subject: RE: SOAP security
>>
>>
>> As always, the answer depends on your security requirements:
>> What do you
>> want to 'secure'?
>>
>> Confidentiality while 'traveling' through the internet?
>> Right, SSL is the
>> correct choice.
>>
>> Non-repudiation or authentication or integrity? SSL wont do
>> that. Use XML
>> Signature.
>>
>> Real end-to-end-confidentiality: Use XML Encryption.
>>
>>
>> For a full-blown XML Signature implementation look @
>> http://xml.apache.org/security/
>>
>> Christian
>>
>> --On Mittwoch, 2. Januar 2002 08:03 -0700
>> armstpat@WellsFargo.COM wrote:
>>
>> > Just use SSL and it is good.
>> >
>> > -----Original Message-----
>> > From: lp_cm@hotmail.com [mailto:lp_cm@hotmail.com]
>> >
>> > I wonder the security of the SOAP on the Internet.
>>





Mime
View raw message