Message Based Security is Way Cool
Here at the Applied XML Developers Conference in the center of the unknown world, Stevenson, WA, there is definitely a well-represented camp that believes that SOAP envelopes are not particularly worth while and we should just use SSL for security.
What you lose when you go to a non-message based approach is what you really end up gaining from having messages. Take the following scenario:
Suppose I know I'm creating a bunch of SOAP messages and I decide I want to get them all to some endpoint. So I check the local classified ads for someone who will deliver these messages for me. I find the following entries:
- Joe's XML Message Delivery - Just 25 cents a message!
- Fred's ultimate security XML Message Delivery - $1.00 per message. More expensive, but you know you are secure!
- Evil Eddies XML Message Delivery - FREE! Specializing in messages with credit card numbers in them!
So you see these three options for having your messages delivered and you say, AHAH! There is an obvious choice here. That's right, the third one - Evil Eddie.
Why would we go with Evil Eddie? Because message-level security allows us to hand our messages to anyone. They won't be able to decrypt encrypted data, they won't be able to modify signed data, they can't do anything to that message that cannot be detected. What if Eddie starts modifying my messages? We will be able to detect that because the signatures will be invalid and we will throw those messages away. But what if I need those message? That is why we throw in WS-ReliableMessaging so that we will retry sending any messages that were not received as valid messages. We have paid nothing and Evil Eddie has done the job for us.
And it doesn't have to be Evil Eddie. Thinking in a message-oriented world means you can do a number of things. You can throw the message on a floppy and hand it to the person. You can send it in email. You can throw it in a database. You can post it to an FTP server. You can send it in an instant message. And it doesn't matter. You can deal with the message any way you want.
And as Becky mentions, this approach can avoid any sort of processing bottleneck, which among other things, mitigates denial of service attacks since you can queue up messages and process them as we get the cycles.
-Matt
Comments
- Anonymous
October 21, 2004
But how often do you see services interacting via any of these other options (ftp, email) practically? - Anonymous
October 21, 2004
I don't really expect services to interact a whole lot via manual floppy passing or some of the other methods. The point though is that you don't care how the messages get to where they are going. HTTP, FTP, MQ, SMTP, TCP, UDP, XXXXP, or some combination of all of them. Message based security means I can sleep well even if Evil Eddies is delivering.
And probably the most important point is that it is a better match for most business processes compared to request/response. - Anonymous
October 29, 2004
I have a XML web service, I would like to use SSL to protect the data. <br><br>Currently some of my clients are using SOAP calls to access this web service, the other group is using HTTP POST/GET. My concern is, after I add SSL, can the POST/GET group access my web service over SSL?<br><br>Thanks a lot. - Anonymous
June 08, 2009
PingBack from http://insomniacuresite.info/story.php?id=10562