Win a copy of Machine Learning with R: Expert techniques for predictive modeling this week in the Artificial Intelligence and Machine Learning forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Junilu Lacar
  • Jeanne Boyarsky
  • Bear Bibeault
  • Knute Snortum
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
  • Piet Souris
  • Frits Walraven
  • Ganesh Patekar

Message Level Security

Ranch Hand
Posts: 34
Mac IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

Can someone please let me know what are the topics that are included in "message level security" with regards to certification, as I am getting loads of different results on googling, so would like to keep the topic scope to certification only. I found that following topics discuss message level security but it looks like a very huge topic in itself, can you help me narrow down the scope.

- Configuring Message Security Using XWSS
 XML Encryption
 XML Digital signature API
 XKMS (XML Key Management Specification)
 SAML (Security Assertion Markup Language)
- XML Digital Sinature API

Ranch Hand
Posts: 1759
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do you have Ivan Krizsan's version 5 of the exam study guide? If not, you can sign up a free account to download one.
In Ivan's notes, he talks about message level security vs HTTPS.
- encrypt the whole message
- intermediate nodes cannot decrypt the whole message and that is why the message cannot be sent via intermediate nodes.
- message is decrypted once it leaves the wire. Security is not guaranteed at the time it arrives at the receiver.

Message level security:
- encrypt only part(s) of the message
-intermediate nodes don't need to decrypt those parts and can still process other part(s) the nodes understand.
- message is encrypted when it leaves the wire. Security is guaranteed.

For those topics:
Configuring Message Security Using XWSS
-XML Encryption - need to know WS-Security uses it to encrypt a message, read MZ's notes version 5 for detail.
-XML Digital signature API - need to know enveloping signature, enveloped signature, detached signature
-KMS (XML Key Management Specification) - manage key's creation, recovery, register...
-SAML (Security Assertion Markup Language) - need to know it is used for single sign on (sso), authentication and authorization.
-XACML - for access control (authorization)
Pay attention! Tiny ad!
Java file APIs (DOC, XLS, PDF, and many more)
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!