Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / December 2004

Tip: Looking for answers? Try searching our database.

Webservice digital signature & security question

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
gm0ney - 01 Dec 2004 21:16 GMT
If my webservice is currently secured with a SSL cert,
do I really need to encrypt or use a digital signature
at the soap message level?

Isn't that basically encrypting the encryption.  Or I'm totally
missing the boat here?

Just trying to gather answers for implementing Digital Signatures
in our soap transactions, or is the use of an SSL cert sufficient.

Thanks,
Reply to this Message
nealboy - 02 Dec 2004 09:58 GMT
Can SSL security be used in Web Servicves?I think the better way is using of
SOAP extension to sign/verify or encrypt/decrypt soap message.
You can make it by writing code yourself or using of WSE directly.
> If my webservice is currently secured with a SSL cert,
> do I really need to encrypt or use a digital signature
[quoted text clipped - 7 lines]
>
> Thanks,
Reply to this Message
gm0ney - 02 Dec 2004 19:29 GMT
Yes, our webservice is already secured by an SSL cert.

My question, if it wasn't clear, does the use of a digital signature
gain anything?

I can definitly see the pros if not wanting to use SSL or the possible
performace degradation of SSL.

But if already using an SSL cert, why do I need to do the other?

 

> Can SSL security be used in Web Servicves?I think the better way is
> using of SOAP extension to sign/verify or encrypt/decrypt soap
[quoted text clipped - 10 lines]
>>
>> Thanks,
Reply to this Message
Rory Plaire - 02 Dec 2004 20:47 GMT
gm0ney <gm0ney@night-storm.net> wrote in news:Xns95B389472C220xXxZzZxXxZzZ@
207.46.248.16:

> Yes, our webservice is already secured by an SSL cert.
>
[quoted text clipped - 5 lines]
>
> But if already using an SSL cert, why do I need to do the other?

Hi,

It depends on your needs. The digital signature ensures integrity for the
message, no matter how many points the message passes through, whereas SSL
is only point-to-point. With WSE 2.0 extensions, you can send messages
through untrusted networks securely. If you own both ends and the route in
between, it's probably much less crucial to use WSE security. Nonetheless,
I implement it because it makes the services much more extensible in the
future, since I can redeploy services and change routes without having to
maintain SSL plumbing.

-rory
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.