Messaging (SOA) Security - Contractor UK Bulletin Board

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

themistry started a topic Messaging (SOA) Security

19 March 2008, 12:04
Messaging (SOA) Security

Hi all,

I have a few general security questions that I am having issues finding answers to, so any help appreciated. Even pointers in the right direction would be good.

FYI im using BizTalk as a message broker and want to ensure the validity of any messaging coming into the system.

1) I want to recieve a a flatfile message from a trading partner and ensure it came from who they said it did. I would use a digital signature. However, is there a standard mechanism for appending the fingerprint to the message? I am having difficulty finding out how this works. I.e. I need to tell the trading partner how to sign the document, im not sure how this is done. Im thinking mime/smime is involved, but could use some help.

2) Same scenario as above, but this time using SOAP/WS-Security. If im am siging the entire payload, where do I put the finger print, specifically if using WCF with .NET. Does WCf handle this with message level security?

3) Anything else I should be thinking about?

I'm not in a position to play about with some code to see how things would work for a few days, so help or advice would be greatly appreciated!

I'm surprised at the lack of concrete information on this, it's almost as if people don't do any of it! :S

cheers
TM
Tags: None

Working...

X