10.2. Transport-level and message-level security

GSI allows us to enable security at two levels: the transport level or the message level. To explain the difference between these two levels, let's suppose we want our communication to be private. If we use transport-level security, as shown in Figure 10.1, “Transport-level security”, then the complete communication (all the information exchanged between the client and the server) would be encrypted. If we use message-level security, as shown in Figure 10.2, “Message-level security”, then only the content of the SOAP message is encrypted, while the rest of the SOAP message is left unencrypted.

Figure 10.1. Transport-level security

Transport-level security

Figure 10.2. Message-level security

Message-level security

Both transport-level and message-level security in GSI are based on public-key cryptography and, therefore, can guarantee privacy, integrity, and authentication. However, not all communications need to have those three features all at once. In general, a GSI secure conversation must at least be authenticated. Integrity is usually desirable, but can be disabled. Encryption can also be activated to ensure privacy. As soon as we start programming secure services, we'll see how using these features is as easy as adding a few lines in the client indicating that (for example) we want to use integrity, but not encryption during the communication.

[Tip]Message-level vs. Transport-level performance

Transport-level security has been around for a long time and, in fact, chances are that you've already used it when browsing the Web, since secure websites rely on transport-level security. Message-level security in Web Services is relatively new and, although it offers more features than transport-level security (e.g. a better integration with Web Services standards), its performance still leaves a bit to be desired. So, even though we would ideally like to use message-level security for everything (because of its feature-rich goodness), we will sometimes have to consider using transport-level security if performance is an issue. In fact, transport-level security is used by default in the Globus Toolkit.

GSI offers two message-level protection schemes, and one transport-level scheme. The differences between these three schemes are highlighted in Table 10.1, “Comparison of transport-level and message-level security”.

These schemes are not mutually exclusive. For example, we might choose to use GSI Secure Conversation because our application requires delegation, and then add GSI Transport on top of that because we want to encrypt the complete communication (not just a part of the SOAP message). Note that this doesn't result in any redundancy, since we could configure GSI Transport to use encryption and GSI Secure Conversation to not use encryption.

Table 10.1. Comparison of transport-level and message-level security

 GSI Secure ConversationGSI Secure MessageGSI Transport
Privacy (Encrypted)YESYESYES
Integrity (Signed)YESYESYES
Anonymous authenticationYESNOYES
PerformanceGood if sending many messagesGood if sending few messagesBest