Actually, this is an area I am working on.
However, our requirement is for permissioning of services to groups of client hosts.
SSL simply ensures that the messages cannot be tapped.
I believe authentication of SOAP services in under review.
Edward
> -----Original Message-----
> From: Christian Geuer-Pollmann
> [mailto:[EMAIL PROTECTED]]On Behalf Of Christian
> Geuer-Pollmann
> Sent: 02 January 2002 15:51
> To: [EMAIL PROTECTED]
> Subject: RE: SOAP security
>
>
> As always, the answer depends on your security requirements:
> What do you
> want to 'secure'?
>
> Confidentiality while 'traveling' through the internet?
> Right, SSL is the
> correct choice.
>
> Non-repudiation or authentication or integrity? SSL wont do
> that. Use XML
> Signature.
>
> Real end-to-end-confidentiality: Use XML Encryption.
>
>
> For a full-blown XML Signature implementation look @
> http://xml.apache.org/security/
>
> Christian
>
> --On Mittwoch, 2. Januar 2002 08:03 -0700
> [EMAIL PROTECTED] wrote:
>
> > Just use SSL and it is good.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> >
> > I wonder the security of the SOAP on the Internet.
>
