- From: Anish Karmarkar <Anish.Karmarkar@oracle.com>
- Date: Fri, 04 Mar 2005 10:50:04 -0800
- To: daniela.claro@eseo.fr
- CC: www-ws@w3.org
I think making a general statement that 'SSL is not secure for web services' is not quite accurate. There are certain deployments/usage of Web services (which perhaps may be quite common) where SSL does not fit the bill. SSL being point-to-point provides security at the connection level, but does not provide end-to-end security. Consider a message that traverses several hops (which use the same or different transport). In such a case SSL does not provide you with message integrity. Another example is: the payload of the message is stored in a queue and processed at some later point in time. WRT to intermediaries there can be transport intermediaries or SOAP intermediaries [1]. HTH. -Anish -- [1] http://www.w3.org/TR/2003/REC-soap12-part1-20030624/#relaysoapmsg Daniela CLARO wrote: > Hi all, > > Could anyone please explain me, why SSL is not secure for web services? > Moreover, what is exactly the "intermediaries" that could exist between > a web service connection that SSL can not garantee tthe security anymore? > > > Thank you very much, > Daniela
Received on Friday, 4 March 2005 18:55:49 UTC