Talk:WS-Security

WikiProject Computer Security / Computing (Rated Stub-class, Low-importance)
This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This article has been rated as Stub-Class on the project's quality scale.
This article has been rated as Low-importance on the project's importance scale.
This article is supported by WikiProject Computing (marked as Low-importance).

WikiProject Computing (Rated Stub-class, Low-importance)
This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This article has been rated as Stub-Class on the project's quality scale.
This article has been rated as Low-importance on the project's importance scale.

The paragraph in this article about TLS and using SSL for integrity and confidentiality is not related to the core subject of the page, which is the WS-Security standard. This may be relevant to another article on more general web service security issues. Warnet 16:17, 14 December 2006 (UTC)

Moved the paragraph about TLS under an Alternative(s) heading and made clear that WS-Security addresses a different (broader) problem than TLS. Anonymous, 14:24, August 24 2007 (GMT+1) —Preceding unsigned comment added by 213.84.67.167 (talk) 12:25, August 24, 2007 (UTC)

I don't believe the information in the TLS section about proxy servers is either cited or factually correct. In fact, proxy servers DO NOT see the content of a message encrypted using TLS, as the client explicitly tells the proxy server where to forward the message to through the HTTP CONNECT operation. The message payload itself is sent through in encrypted form. I will update the article accordingly unless anyone disagrees with the above when I have time to find references for the above.

PaulRussell (talk) 11:32, 9 January 2008 (UTC)

TLS is related to WS-Security, as one use case is to include an unsigned and unencrypted WSS-token in a SOAP header, and protect the message with transport layer security. In this case the TLS-proxy vouches for the claims in the WSS-token. The proxy definition must be clarified, as it refers to SOAP intermediaries, not TCP-level proxies, and therefore DO SEE content. End-to-End security is not mandatory with WSS, but optional. Rainer Hörbe 10:56, 10 January 2010 (UTC)

"not or less trusted"

The End-to-end security section of the article contains the following wording: "If a SOAP intermediary is required, and the intermediary is not or less trusted, ...".

I'm asking the main author to clarify what he meant by "not or less trusted": out of common sense it has to be some variation over "not trusted enough". — Preceding unsigned comment added by 213.170.91.170 (talk) 11:08, 8 July 2011 (UTC)