30. Message
Level
SOAP Security
Symmetric Binding Vs Asymmetric Binding
31. SOAP Security
• WS-‐Security
secures
SOAP
–
focuses
on
Message
Level
WS
–
Secure
Conversation
message
level
security
• Focuses
on
a
single
message
authentication
model
• Each
message
contains
everything
necessary
to
authenticate
it
self
• Suitable
for
a
coarse
grained
messaging
in
which
a
single
message
at
a
time
from
the
same
requestor
is
received
32. Message
Level
SOAP Security
• What
SSL
does
at
the
transport
level
in
point-‐to-‐point
WS
–
Secure
Conversation
communication,
WS-‐SecureConversation
does
at
the
SOAP
layer
• Removes
the
need
of
individual
SOAP
message
carrying
authentication
information.
• Establishes
a
mutually
authenticated
security
context
in
which
a
series
of
messages
are
exchanged.
• Uses
public
key
encryption
to
exchange
a
shared
secret
and
then
onwards
uses
the
shared
key