7.4. Message-Level Web Service Security
Message-level security, or securing Web services at the message level, addresses the same security requirements—identity, authentication, authorization, integrity, confidentiality, non-repudiation, and basic message exchange—as traditional Web security. Both traditional Web and message-level security share many of the same mechanisms for handling security, including digital certificates, encryption, and digital signatures. Today, new mechanisms and standards are emerging that make it not only possible but easier to implement message-level security.
Traditional Web security mechanisms, such as HTTPS, may be insufficient to manage the security requirements of all Web service scenarios. For example, when an ...
Get Designing Web Services with the J2EE™ 1.4 Platform JAX-RPC, SOAP, and XML Technologies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
