Appendix B. WS-SecureConversation
Consider a front-end application that uses SOAP message exchanges to invoke the services offered by a back-end application. If you have read chapters 3-8, you already know how to secure these message exchanges. Using WS-Security, the front-end and back-end applications can add security tokens needed for authentication, encryption/decryption, and signing/verifying signatures to each message. Observe that we are emphasizing the need to add the required tokens to each and every message. Is this really necessary? If the front-end application is going to exchange a series of SOAP messages with the back-end application, is it possible to authenticate just once, or exchange the keys used for encryption/decryption and ...
Get SOA Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.