How to use SOAP-DSIG and SSL for non-repudiation?
Answer / supra
SOAP-DSIG is used to satisfy the message authentication
requirement. It is important to note that you can use SOAP-
DSIG and SSL simultaneously by exchanging
the above HTTP messages over SSL.
Technology Satisfied security requirements
SSL Confidentiality, sender/recipient authentication, and
message authentication by MAC
SOAP-DSIG Message authentication by digital signature and
MAC
SSL provides confidentiality and sender/recipient
authentication. SSL also has functionality for adding MACs
to transmitted messages. On the other hand,
SOAP-DSIG can be used to add not only MACs but also digital
signatures to transmitted messages, but it is not
sufficient for sender/recipient authentication
because it is vulnerable to attacks such as replay attacks.
Therefore, SOAP-DSIG and SSL complement the functionalities
that the other system lacks.
Remember that in order to satisfy the requirement
of non-repudiation, at a minimum you need to simultaneously
guarantee both message authentication by using a
digital signature and sender authentication.
Therefore, using SOAP-DSIG and SSL (with client
authentication) simultaneously is the first step towards
realizing non- repudiation. Specifically, you use
SOAP-DSIG for message authentication by using a digital
signature and SSL client/server authentication for
sender/recipient authentication.
Is This Answer Correct ? | 1 Yes | 0 No |
Explain about the syntax rules in SOAP?
what is the general format for reading the custom or default property value?
Explain about the encoding style attribute?
What is soap and rest web services?
What are the syntax rules for a soap message?
How can user use the facilities that are provided by soap?
What is the major obstacle users faced when using soap?
Elaborate the term SOAP?
Enlist few syntax rules applicable for soap message?
What does method list of soap consists of?
What hierarchy soapui follows to build a proper testing project?
What software elements must be assembled to build a SOAP Server?