Transport Level Security vs Message Level Security

Transport Level Security Message Level Security
Secures point to point communication.

E.g: Your browser to Apache server

Secures end to end to end communication.

E.g. Sales Order Request application to Database updating application

Not transparent thorough multiple transport protocols, Transparent through any number of transports since it is handled at an above layer
Cannot specify different part of the message to secured idifferently Can specify which part to sign, which part to encrypt in the message, Specially useful when you have a large message and you really want to secure a small portion.
Relatively easy to attack. Relatively difficult to attack. Since the unsecured path in the message flow is minimum,
In Web Services we found this is followed by transmitting SOAP over HTTPS. In Web Services you can follow message level security by adhering to WS-Security specification.

You can find a descriptive post about the Transport Level security vs Message Level Security on

This entry was posted in security, web services and tagged , . Bookmark the permalink.

One Response to Transport Level Security vs Message Level Security

  1. Pingback: Encrypt and Sign your SOAP messages in PHP | Dimuthu's Blog

Leave a Reply

Your email address will not be published. Required fields are marked *