Have Fun with Java
little,little.. little by little makes a lot..
If i design, shall go for both, WSS for message level to avaoid so called "Man In the Middle Attack" and 2 way SSL for business level trust.
Ulf Dittmer wrote:
If i design, shall go for both, WSS for message level to avaoid so called "Man In the Middle Attack" and 2 way SSL for business level trust.
That doesn't buy you much (or anything) that WSS alone (encryption + signature) doesn't also provide.
Have Fun with Java
little,little.. little by little makes a lot..
Shankar Tanikella wrote:All requests to web application requires a hand shake and it is not a good idea for bypassing the SSL by any means just for exposed services, or is it?
One should also consider that the importance of person - machine(server) and organization - machine communication, shouldn’t we
Have Fun with Java
little,little.. little by little makes a lot..
Regards
KumarRaja
Should i break the current level of security for just web services?
Kumar Raja wrote:But we do not have intermediaries, then adding SSL would be an additional level of sercurity at transport level in addition to message level. Would any one contradict this ?
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime. |