1. Web Clients alone needs to be implemented with SSL, so can I assume that Application Client resides inside the firewall so it dosen't need SSL ?
This is also 1 way to give a faster response to the Travel Agent, Also SSL implementation mostly depends upon the Server, should we document this ?
2. To what extent Security needs to be depicited in Component Diagrams ?
I guess thats the only diagram in which we show Security
3. What type of Security needs to be provided for a Travel Agent ?