How to secure Intranet Web Services (Transport Layer Security vs. Message Encryption)?

I can vouch that WS-Security can be difficult to implement but has much more control over the level of security around your message.

I can vouch that WS-Security can be difficult to implement but has much more control over the level of security around your message: Encrypt parts separately header / body Message expiration Digital signatures Authentication More control over encryption and signature algorithms But if you are looking at internal web services I find that SSL/TLS is easier to implement but will still provide strong encryption. If you want to add authentication you can accomplish that with basic auth on the server. I doubt you would need to use both WSS and TLS, but some of those info sec people will come around shouting defense-in-depth, and say it's a good idea in case someone can decrypt your HTTPS session.

I used to be one of those guys and probably said that, but I was looking for reasons to justify my boss's consulting fees. So it really comes down to business requirements and what kind of data you're looking at. Also I would consider that a malicious person on an internal network would probably go after your data sources rather than your data in transit.

A little personal experience: I've implemented WS-Security for government web services but they can go across the public internet. The internal services I've worked on for a financial institution met the audit requirements with HTTPS and basic auth. Cheers!

WS-Security is the default out of the box with WCF. I guess how difficult it is depends on the platform. – John Saunders Dec 30 '10 at 19:37 We use .

Net and Java and some Web (REST) – phx Dec 30 '10 at 20:00 @John Saunders Platform does make a huge difference in the complexity of implementing WSS. @phx as far as I know there isn't a WSS equivalent for REST yet, this question is relevant: stackoverflow. Com/questions/454355/… – sisslack Dec 30 '10 at 20:18.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.