Answer Posted / supra
SOAP-DSIG is used to satisfy the message authentication
requirement. It is important to note that you can use SOAP-
DSIG and SSL simultaneously by exchanging
the above HTTP messages over SSL.
Technology Satisfied security requirements
SSL Confidentiality, sender/recipient authentication, and
message authentication by MAC
SOAP-DSIG Message authentication by digital signature and
MAC
SSL provides confidentiality and sender/recipient
authentication. SSL also has functionality for adding MACs
to transmitted messages. On the other hand,
SOAP-DSIG can be used to add not only MACs but also digital
signatures to transmitted messages, but it is not
sufficient for sender/recipient authentication
because it is vulnerable to attacks such as replay attacks.
Therefore, SOAP-DSIG and SSL complement the functionalities
that the other system lacks.
Remember that in order to satisfy the requirement
of non-repudiation, at a minimum you need to simultaneously
guarantee both message authentication by using a
digital signature and sender authentication.
Therefore, using SOAP-DSIG and SSL (with client
authentication) simultaneously is the first step towards
realizing non- repudiation. Specifically, you use
SOAP-DSIG for message authentication by using a digital
signature and SSL client/server authentication for
sender/recipient authentication.
Is This Answer Correct ? | 1 Yes | 0 No |
Post New Answer View All Answers
Explain the actions performed by soapui?
Explain the difference between RPC and Local calls?
One key aspect of service oriented architectures is late binding of services: That is while an application is being executed the system can bind to the required concrete service. i. Service selection in inContext makes use of non- functional and functional aspects. Discuss briefly the difference between functional and non- functional aspects in SoA and why it is necessary to consider both when selecting services. ii. Discuss briefly how the inContext platform uses relevance ranking for service selection. Explain in particular how context data is being used. Continued
Soap or rest apis, which method to use?
Explain about the SOAP Envelope element?
Explain about the encoding style attribute?
How a soap message is structured?
What are the elements of a soap message?
What is Simple Object Access Protocol (SOAP)?
what is the difference between SOAP web service and RESTful web service?
State the syntax rule for soap message?
What are the advantages of json over http as compared to soap over http?
What are the syntax rules for a soap message?
Differentiate soap and rest?
What is wc3 standards?How is the link between SOAP and webservices to it?