I want to implement the following security transaction using AXIS Is it possible? If it is not Why ? 1.Clients creates a messages that is a parameter of the webservice call. 2.Client encrypts payload of message using server public key . 3.Clients add to message digital signature using X.509 managed certificate. (It is should be performed automatically to all outgoing clients messages) 4.Client establishes security SSL connection to the server. 5.Client calls appropriate webservice using HTTPS. 6.Server checks digital signature of input message. (It is should be performed automatically to all ingoing server messages) 7.Server decrypts payload of the message using server private key. 8.Server processes the message and creates replay message. 9.Server encrypts message using own private key. 10.Server attaches digital signature to the message.(It is should be performed automatically to all outgoing server messages) 11.Server returns response message back to the client. 12.Client checks server digital signature.(It is should be performed automatically to all ingoing clients messages) 13.Client decrypts payload of the message using server public key. Scenario above represents the highest level of the security protection. It assumes that messages are protected by set of security keys. 1.Digital signature to authenticate server when establish SSL connection. 2.Digital signature to authenticate client when establish SSL connection 3.Asymmetric key's pair to encrypt SSL traffic between client and server. 4.Digital signature to be added to all outgoing messages on the client side 5.Digital signature to be added to all outgoing messages on the server side 6.Asymmetric key's pair to encrypt encrypt/decrypt payload of the messages. Sorry. It is probably too long. If somebody has implemented something similar in practise?
Couple of words regarding the book. From the begining thank you for the advice. I followed the link and found some positive and negative feed-backs. They should help me to make a desicion. It is always difficult to state the value of the book without reading couple of articles. I will have a look at this book in the bookstore. Thank you. Most of all I am intrested in some practical scenarios. Because from the theoretical standpoint there is complex of solutions but not all of these solutions probably match to my production environment that defintilty has perfomance and security constraints.