Hi all,
I have a few general security questions that I am having issues finding answers to, so any help appreciated. Even pointers in the right direction would be good.
FYI im using BizTalk as a message broker and want to ensure the validity of any messaging coming into the system.
1) I want to recieve a a flatfile message from a trading partner and ensure it came from who they said it did. I would use a digital signature. However, is there a standard mechanism for appending the fingerprint to the message? I am having difficulty finding out how this works. I.e. I need to tell the trading partner how to sign the document, im not sure how this is done. Im thinking mime/smime is involved, but could use some help.
2) Same scenario as above, but this time using SOAP/WS-Security. If im am siging the entire payload, where do I put the finger print, specifically if using WCF with .NET. Does WCf handle this with message level security?
3) Anything else I should be thinking about?
I'm not in a position to play about with some code to see how things would work for a few days, so help or advice would be greatly appreciated!
I'm surprised at the lack of concrete information on this, it's almost as if people don't do any of it! :S
cheers
TM
I have a few general security questions that I am having issues finding answers to, so any help appreciated. Even pointers in the right direction would be good.
FYI im using BizTalk as a message broker and want to ensure the validity of any messaging coming into the system.
1) I want to recieve a a flatfile message from a trading partner and ensure it came from who they said it did. I would use a digital signature. However, is there a standard mechanism for appending the fingerprint to the message? I am having difficulty finding out how this works. I.e. I need to tell the trading partner how to sign the document, im not sure how this is done. Im thinking mime/smime is involved, but could use some help.
2) Same scenario as above, but this time using SOAP/WS-Security. If im am siging the entire payload, where do I put the finger print, specifically if using WCF with .NET. Does WCf handle this with message level security?
3) Anything else I should be thinking about?
I'm not in a position to play about with some code to see how things would work for a few days, so help or advice would be greatly appreciated!
I'm surprised at the lack of concrete information on this, it's almost as if people don't do any of it! :S
cheers
TM
