Yes. If you are using SSL to create a secure pipe from one box to another, then you are implementing point-point transport layer security. If the content is encrypted/signed to reach a particular recipient, then you are implementing message level security to ensure your data maintains its confidentiality and integrity end-end. Both tools are useful. Some architectures can create a TLS work around that approximates end-end security. There several methods to implement message level security depending upon your goals and architecture. Rampart is one of them. Another can be found at www.intel.com/software/xml .
Dave David E.A. Johnson Director, Digital Security Products Intel Corporation SSG-MMD ________________________________ From: shams jawaid [mailto:[EMAIL PROTECTED] Sent: Friday, March 28, 2008 10:54 PM To: axis mailing list Subject: Message Level Security hi there, i am currently confused about the difference between message level and transport level security. I want to know whether i have setup message layer security on my pc or not. I have a setup with axis2 and rampart on my pc, which fully signs and encrypts the SOAP messages. what type of security am i implementing, transport or message level? does a message always need to be partially encrypted for an intended recipient for it to be declared message level security? what if the message is fully encrypted, but is also only intended for a specific recipient? for example, if A is sending a message to C, and it is passing through B, but is fully encrypted for C, and B cannot read it, is that message level security? if i have a completely wrong idea of message level security, please can someone explain exactly what it is. lastly, if i am not doing message level security in my setup, is it possible to do message level security with rampart? Thanks! ________________________________ A prize an hour, 24 hours a day. Try Big Snap now! <http://www.bigsnapsearch.com%0d%0a%20%0d%0a>
