Digital Signature is a tool for achieving authentication. And SSL does a (Client/Server) authentication before the encryption process (that improvises confidentiality). So why do we need to do authentication again (by signing the SOAP messages)? At the application layer, are we assuming that the SOAP messages can be mapped to users whose identity is independent of what the SSL reveals?
- Parag
---------------------------------------------------------------------------------------------------------------------------------
With SSL, you can be reasonably sure that no one can listen to the conversation, but
if the messages are signed as well, you can be sure of the identity of whom you are
speaking with. SSL alone does not do this.
Russ
*********************** HSS-Unclassified ***********************
