Public Key Infrastructure

PublicKeyInfrastructure (PKI) is a security mechanism often used in WebServices Implementations. Its use is also common in the setup of SecureSocketsLayer implementations (Layer 7 of OpenSystemsInterconnect model)

SSL was designed for synchronous transactions and everything is encrypted. These characteristics made its use inappropriate for WebServices.

With adoption of OasisOrganization WebServicesSecurity (WSS) specification, PKI implementation become common amongst vendor products. This is because use of PKI mechanisms enabled easier "roll-your-own" SSL like mechanisms (with fine grained encryption and authentication) that conform with WSS and upcoming WS-SecureConversation, WS-Trust.

There exists a risk that has to be managed, due to vagueness in the application of the standards concerned.


Reading Material


CategorySecurity


EditText of this page (last edited September 30, 2014) or FindPage with title or text search

Meatball