- Transport Layer Security (TLS) - applies at the transport level (in this case, HTTPS). TLS is robust, proven and widely implemented, and its implementations are commonly interoperable. Its limitation is that it does not support end-to-end security: it secures only the communication between two parties which are directly connected.
- WS-Security - applies at the message level, independently of the underlying transport mechanism. In theory, it supports end-to-end security. However, WS-Security is still relatively new, and its implementation in vendor toolkits is uneven. The XML Secured Payload Profile v1.1 defines the mechanisms to sign and encrypt data represented as XML. It allows messages to be secured independently of whatever security mechanism is used at the Web services level. It is necessary to ensure that messages are secured even if they are routed via an intermediary (such as a messaging vendor).
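
The hop-by-hop versus end-to-end distinction above, as an added example (not from the original page or the profile): an integrity tag bound to the XML payload still verifies after an intermediary relays or re-serialises the message, and fails once the content is altered. It assumes an HMAC with a constructed shared key as a stand-in for the XML Signature the profile specifies, uses hypothetical element names, and covers signing only, not encryption.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed demo key shared by sender and receiver (stand-in for signing keys).
KEY = b"constructed-demo-key"

# Constructed sample payloads; element and attribute names are hypothetical.
ORDER = '<order id="7" currency="AUD"><amount>100.00</amount></order>'
RESERIALISED = "<order currency='AUD' id='7'><amount>100.00</amount></order>"
TAMPERED = '<order id="7" currency="AUD"><amount>900.00</amount></order>'


def _tag(payload_xml: str) -> bytes:
    # Canonicalise (C14N 2.0) first, so an intermediary that merely
    # re-serialises the XML does not invalidate the integrity tag.
    canonical = ET.canonicalize(payload_xml)
    return hmac.new(KEY, canonical.encode("utf-8"), hashlib.sha256).digest()


def seal(payload_xml: str) -> dict:
    """Sender: bind an integrity tag to the payload itself, not to the connection."""
    return {"payload": payload_xml, "tag": _tag(payload_xml).hex()}


def relay(message: dict, rewrite=None) -> dict:
    """Intermediary: TLS ends here, so the payload is visible and can be altered."""
    payload = rewrite(message["payload"]) if rewrite else message["payload"]
    return {"payload": payload, "tag": message["tag"]}


def verify(message: dict) -> bool:
    """Receiver: accept only if the tag still matches the canonical payload."""
    try:
        expected = _tag(message["payload"])
        return hmac.compare_digest(expected, bytes.fromhex(message["tag"]))
    except (ET.ParseError, KeyError, TypeError, ValueError):
        return False


if __name__ == "__main__":
    sealed = seal(ORDER)
    print("relayed unchanged :", verify(relay(sealed)))
    print("re-serialised     :", verify(relay(sealed, lambda _: RESERIALISED)))
    print("amount altered    :", verify(relay(sealed, lambda _: TAMPERED)))
```

TLS on each hop would not catch the third case, because the intermediary holds the plaintext between the two connections.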