ws-soap-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Edward Yeboah" <edw...@egsgroup.com>
Subject RE: SOAP security
Date Wed, 09 Jan 2002 09:32:53 GMT
Actually, this is an area I am working on.

However, our requirement is for permissioning of services to groups of
client hosts.

SSL simply ensures that the messages cannot be tapped.

I believe authentication of SOAP services in under review.

Edward

> -----Original Message-----
> From: Christian Geuer-Pollmann
> [mailto:geuer-pollmann@nue.et-inf.uni-siegen.de]On Behalf Of Christian
> Geuer-Pollmann
> Sent: 02 January 2002 15:51
> To: soap-dev@xml.apache.org
> Subject: RE: SOAP security
> 
> 
> As always, the answer depends on your security requirements: 
> What do you 
> want to 'secure'?
> 
> Confidentiality while 'traveling' through the internet? 
> Right, SSL is the 
> correct choice.
> 
> Non-repudiation or authentication or integrity? SSL wont do 
> that. Use XML 
> Signature.
> 
> Real end-to-end-confidentiality: Use XML Encryption.
> 
> 
> For a full-blown XML Signature implementation look @ 
> http://xml.apache.org/security/
> 
> Christian
> 
> --On Mittwoch, 2. Januar 2002 08:03 -0700 
> armstpat@WellsFargo.COM wrote:
> 
> > Just use SSL and it is good.
> >
> > -----Original Message-----
> > From: lp_cm@hotmail.com [mailto:lp_cm@hotmail.com]
> >
> > I wonder the security of the SOAP on the Internet.
> 

Mime
View raw message