Confidentiality

SSL and TLS are often implemented within web applications to ensure that communications between the end user and the web server are encrypted and are not altered in transit. For web services this solution is insufficient: the communications between the end user and the initial web server are encrypted, but traffic to any additional web service beyond the initial web server could be unencrypted, leaving the XML data open to theft. The confidentiality of the web service is then compromised.

Web services, therefore, require the message itself to be encrypted using standards such as XML Encryption (http://www.w3.org/Encryption/), XML Key Management (http://www.w3.org/2001/XKMS/), and WS-Security (http://www.oasis-open.org/committees/wss). This concept is similar to encrypting an email using PGP and sending it over an unencrypted protocol such as SMTP. The unencrypted communication could be captured, revealing that the message is an email; however, the actual content of the email would be encrypted, protecting the confidentiality of the data. This encrypted data could still be modified, which introduces the integrity checking requirement.
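The following sketch is an added example, not code from the original article. It shows message-level protection of an XML body that stays encrypted across every hop, with an integrity tag that catches modification of the ciphertext. The element layout, attribute names and the HMAC-based keystream are assumptions made for illustration: the keystream is a standard-library stand-in for a real cipher, and the markup is a simplification, not the W3C XML Encryption schema.

```python
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET

# Constructed sample: routing header stays readable, Body is sensitive.
MESSAGE = ("<Envelope><Header><To>billing</To></Header>"
           "<Body><Card>4111-0000-0000-0000</Card></Body></Envelope>")

def _keystream(key, nonce, length):
    # Toy HMAC-SHA256 counter keystream: stdlib stand-in for a real cipher.
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def protect(xml_text, enc_key, mac_key):
    """Encrypt the Body's children in place and attach an integrity tag."""
    root = ET.fromstring(xml_text)
    body = root.find("Body")
    plaintext = b"".join(ET.tostring(child) for child in body)
    nonce = os.urandom(16)
    ciphertext = _xor(plaintext, enc_key, nonce)
    mac = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).hexdigest()
    for child in list(body):
        body.remove(child)
    attrs = {"nonce": nonce.hex(), "mac": mac}  # hypothetical attribute names
    ET.SubElement(body, "EncryptedData", attrs).text = ciphertext.hex()
    return ET.tostring(root, encoding="unicode")

def intermediary_view(xml_text):
    """What a hop beyond the TLS endpoint needs and can read: the routing header."""
    return ET.fromstring(xml_text).findtext("Header/To")

def unprotect(xml_text, enc_key, mac_key):
    """Check the tag before decrypting; raise ValueError if anything changed."""
    enc = ET.fromstring(xml_text).find("Body/EncryptedData")
    nonce, ciphertext = bytes.fromhex(enc.get("nonce")), bytes.fromhex(enc.text)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, enc.get("mac")):
        raise ValueError("integrity check failed: message was modified")
    return _xor(ciphertext, enc_key, nonce).decode()
```

The receiver verifies the tag before decrypting, so a message altered at any intermediate service is rejected instead of being processed as valid data.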
