Does it make any sense to apply WSE 3.0 (Security) on top of SSL? -- dotnet web services enhancements

Josh Twist
2/14/2006 12:05:05 AM

Possibly. SSL is transport level security, it basically ensures that
nobody can listen in to a conversation between you and someone else.

You could however use WSE 3.0 to ensure that you only have
conversations with people who provide you with a name and password...
and more.

Depends what you need to do.

Josh
http://www.thejoyofcode.com/

John
2/14/2006 6:02:21 PM

Thanks. When you say
"WSE 3.0 to ensure that you only have conversations with people who
provide you with a name and password... "

I thought you could do the same thing in SSL with Basic Authentication.
What I am trying to find out is given SSL is very secure, I already
using SSL and the only thing I am concerted about is security and do
not care about other fancy stuff. Does it justify the cost (both the
development & performance on top of SSL) to use WSE 3.0?
Thanks again for your help
John

[quoted text, click to view]

Josh Twist
2/15/2006 12:07:35 AM

Good point, you could do it that way too.

If your combination of SSL and Basic Authentication meet all your
requirements (conversations can't be listened too and users must
authenticate) then I'd probably say WSE isn't going to add anything to
this scenario.

As you're obviously aware, It does provide alternatives to how you're
doing what you're doing but I can't think of any killer advantages as
SSL and Basic Auth are also public HTTP standards.

Good Luck!

Josh

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages about dotnet web services enhancements

dotnet web services enhancements : Does it make any sense to apply WSE 3.0 (Security) on top of SSL?