Gregg,
>>> So what about the path between the XML-SG and your application
>>
>> An option to consider for that would be 2-Way SSL for data in transit
>> protection and machine-to-machine authentication.
>Yes, that can work as long as you avoid man in the middle attacks...
The point of 2-Way SSL is not just protection of data
in transit, but strong mutual authentication (at the machine level), which
is one of the ways that you mitigate this type of attack. I am probably missing
something in your question. BTW, you did mean Digital Signature by "XML-SG",
right? Also, keep in mind that the Gateway does not strip off the
Signature. You can also verify it further in.
>other monetary or highly secure environments? Wouldn't you want to make sure
>that all of your services provided secure management endpoints that included
>true authentication?
Certainly. I would make sure that all of
my endpoints have a PEP. How that PEP is implemented would
determine how I manage it, e.g. if that PEP was implemented in software by
the service platform, it would make things a lot more
complex. The XML Security Gateway really does not do anything for me at the
endpoints.
Regards,
- Anil
