SSL (Secure Sockets Layer) is a protocol on top of HTTP that provides confidentiality, integrity and standardized credential (sound familiar?) using encryption, digital signatures (MACs or Message Access Codes) and digital certificates. Web sites that begin with https:// rather than http:// use SSL to secure the traffic and verify authenticity.
Given the overlapping nature of SSL and WS-Security, why is one a better choice?
There are two main problems with SSL that drove the development of WS-Security:
- SSL uses HTTP. Web Services not using HTTP cannot use SSL.
- SSL is point-to-point. It is not granular and messages must be decrypted at any intermediate waypoint.
Dig deeper on Software Security Testing Tools
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.