Architect's Notes

  • Security requires an end-to-end perspective and not just a point-to-point one. It is not simply the exchange of data between the client and the server that is important, but instead the entire path that the data takes. This includes not only technologies, but also operational processes.

  • Do not encrypt the entire message. Due to the overhead of encryption and decryption, only encrypt what needs to be encrypted. Encrypt data meant for different people using different keys. The advantage of using XML Encryption is that it supports both of these requirements.

  • Inline signatures with the information that they sign. Signed documents are important not only during transmission between parties, but also as a means to prove and enforce accountability ...
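
An illustration of the second note, added here and not taken from the book: a constructed order document in which only the sensitive elements are replaced by XML Encryption `EncryptedData` elements, each keyed to a different recipient. The `order` vocabulary, the key names and the cipher values are placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed sample. Only two elements are encrypted; the rest stays readable. -->
<order xmlns="urn:example:order"
       xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
       xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

  <!-- Routing data stays in the clear so intermediaries can process it without keys. -->
  <orderId>PLACEHOLDER-ORDER-ID</orderId>
  <shipTo>PLACEHOLDER-ADDRESS</shipTo>

  <!-- Stands in for a payment element; readable only with the bank's key. -->
  <xenc:EncryptedData Id="enc-payment"
                      Type="http://www.w3.org/2001/04/xmlenc#Element">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
    <ds:KeyInfo>
      <ds:KeyName>bank-key-placeholder</ds:KeyName>
    </ds:KeyInfo>
    <xenc:CipherData>
      <!-- Base64 of the word PLACEHOLDER, not real ciphertext. -->
      <xenc:CipherValue>UExBQ0VIT0xERVI=</xenc:CipherValue>
    </xenc:CipherData>
  </xenc:EncryptedData>

  <!-- Stands in for a pricing element; encrypted under a different key for the supplier. -->
  <xenc:EncryptedData Id="enc-pricing"
                      Type="http://www.w3.org/2001/04/xmlenc#Element">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
    <ds:KeyInfo>
      <ds:KeyName>supplier-key-placeholder</ds:KeyName>
    </ds:KeyInfo>
    <xenc:CipherData>
      <xenc:CipherValue>UExBQ0VIT0xERVI=</xenc:CipherValue>
    </xenc:CipherData>
  </xenc:EncryptedData>
</order>
```

Each recipient decrypts only the `EncryptedData` element whose `KeyName` it holds, and the decrypted element takes that placeholder's position in the document.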
