Re: What are the benefits of WSE 3.0 for transport layer security?
- From: snj <snj@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 9 Sep 2007 22:32:02 -0700
Hi,
Could you please let me know how do you configure for SSL? Do I have to buy
any certificate for this?
Thanks,
snj
"lissbpp" wrote:
Thanks for writing Marc, I'm glad we are on the same page regarding message.
level security vs. transport layer security. I do not have any
intermediaries between my client and endpoint, so in my mind it makes sense
to go with transport layer security over SSL, as it will be fast and easy.
If I'm not using message layer security are there any benefits in using WSE?
I would rather not have any additional prerequisites in my client
application if possible. A simple webservice call over SSL should get me the
security I need, correct?
thanks,
-bp
"Marc Castel" wrote:
Generally, I've found transport based encryption/decryption faster than
message based encryption/decryption. Personally, I like the simplest and
most practical approach i.e. transport based security. For intranet based
Windows clients I've found Windows authentication (in the HTTP header) so
much easier and simpler to implement and operationally manage versus
Kerberos at the SOAP message level.
The big benefit for me regarding message level security is that all the
security tokens, signatures, cypher values, addressing elements and
timestamps are in the message. A client can encrypt parts of the message
that only the endpoint can understand. Intermediaries can also route and
encrypt other message parts before it reaches the endpoint. Its probably
easier to build this kind of infrstructure using WSE versus building your
own message routing infrstructure.
But if you're going direct from client to endpoint service using HTTP Basic
auth over 1-way SSL and that's good enough, then I'd stick to that approach.
"lissbpp" <lissbpp@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D5FE884E-63ED-457D-A487-F766D82ED74D@xxxxxxxxxxxxxxxx
Hello,
I am debating whether or not to use WSE in my "ClickOnce" application.
I've
read through the WSE 3.0 patterns and practices document, and decided to
use
"Transport Layer Security Using HTTP Basic over HTTPS" as my secure
webservice solution.
My question is what are the benefits of adding the additional overhead of
WSE if I'm going to be securing my web service via SSL? I do not have a
requirement for a username token; however, I will be authenticating a
user/machine via a unique license key which is generated by the client
application.
thanks,
-bp
I
- Prev by Date: Re: Adding certificate using X509Store
- Next by Date: Are web references required?
- Previous by thread: Adding certificate using X509Store
- Next by thread: Are web references required?
- Index(es):
Relevant Pages
|
