
	Home > Ask the Security Experts > Questions & Answers > Why can't I just use SSL to protect my Web services?

Ask The Security Expert: Questions & Answers

EMAIL THIS

Why can't I just use SSL to protect my Web services?

EXPERT RESPONSE FROM: Ben Wright

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 21 May 2003
Why can't I just use SSL to protect my Web services?

EXPERT RESPONSE
The Secure Sockets Layer, SSL, may be used in certain, restricted cases for protecting a Web services message on the wire. However, SSL has a number of limitations when it is used with Web services. First, SSL is a point-to-point protocol, that is, at each step the message is decrypted and a new SSL connection is set up. If a message goes through multiple intermediates, which is expected behavior in Web services, then the message will be exposed to each intermediate, which may be a severe vulnerability. Second, SSL encrypts the whole message, which will be expensive for a large message, whereas Web services security supports encrypting selected parts of the message. Third, SSL does not support authorization, whereas there are Web services specifications that specifically support authorization, such as the eXtensible , Access Control Markup Language, XACML. Fourth Web services security is XML based which is the language of Web services, making it a more congruent fit. That said, there are times when SSL is an alternative to Web services security and is recommended to be used in conjunction with Web services security in certain cases.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	SSL & TLS
	Which operating system can best secure an FTP site?
	If email attachments are sent via SSL will they be encrypted?
	Transit Safety
	Yahoo fixes SSL flaw in Business E-mail
	Quiz: Web application threats and vulnerabilities
	Secure data transmission methods
	Apple patches 13 flaws in Mac OS X
	Security Bytes: IE7 defenses revealed
	How to configure an FTP server with SSL
	Securing public key transport

Web Services Security and SOA Security

MySpace, Facebook ignoring basic principles of security

Kaminsky: DNS flaw capable of attacks on many fronts

Information security book excerpts and reviews

Kaminsky on DNS rebinding attacks, hacking techniques

Which operating system can best secure an FTP site?

IBM's Watchfire halts network research, focuses on Web apps

How does identity propagation work?

Citrix adds Web security with acquisition

Are attackers using malware to exploit service oriented architectures?

Using an XML security gateway in a service-oriented architecture

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

Secure Shell (SearchSecurity.com)

Secure Sockets Layer (SearchSecurity.com)

server accelerator card (SearchSecurity.com)

Transport Layer Security (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Advanced Search | Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy