Talk:WS-Security

This article is rated Stub-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computer Security: Computing Low‑importance This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles Low This article has been rated as Low-importance on the project's importance scale. This article is supported by WikiProject Computing (assessed as Low-importance). Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Computing Low‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles Low This article has been rated as Low-importance on the project's importance scale.

The paragraph in this article about TLS and using SSL for integrity and confidentiality is not related to the core subject of the page, which is the WS-Security standard. This may be relevant to another article on more general web service security issues. Warnet 16:17, 14 December 2006 (UTC)[reply]

Moved the paragraph about TLS under a Alternative(s) heading and made clear that WS-Security addresses a different (broader) problem than TLS. Anonymous, 14:24, August 24 2007 (GMT+1) —Preceding unsigned comment added by 213.84.67.167 (talk) 12:25, August 24, 2007 (UTC)

I don't believe the information in the TLS section about proxy servers is either cited or factually correct. In fact, proxy servers DO NOT see the content of a message encrypted using TLS, as the client explicitly tells the proxy server where to forward the message to through the HTTP CONNECT operation. The message payload itself is sent through in encrypted form. I will update the article accordingly unless anyone disagrees with the above when I have time to find references for the above.

PaulRussell (talk) 11:32, 9 January 2008 (UTC)[reply]

TLS is related to WS-Security, as one use case is to include an unsigned and unencrypted WSS-token in a SOAP header, and protect the message with transport layer security. In this case the TLS-proxy vouches for the claims in the WSS-token. The proxy definition must be clarified, as it refers to SOAP intermediaries, not TCP-level proxies, and therefore DO SEE content. End-to-End security is not mandatory with WSS, but optional. Rainer Hörbe 10:56, 10 January 2010 (UTC)[reply]

End-to-end security section of the article contains following wording: "If a SOAP intermediary is required, and the intermediary is not or less trusted, ...".

I`m asking the main author to clarify what he meant by "not or less trusted": out of common sense it has to be some variation over "not trusted enough". — Preceding unsigned comment added by 213.170.91.170 (talk) 11:08, 8 July 2011 (UTC)[reply]