WSE 2.0 Encryption vs. SSL
I was wondering what will be the best method to encrypt communication/soap message between client and web service should I use WSE encryption or SSL ?
Well after digging in the area a little I came up with the following comparison table:
| Feature | WS-Security | SSL |
| | ||
| Complete security solution | End-to-end solution | Point-to-point solution |
| SOAP Router to dispatch messages | Using ws-messaging WSE can route the message to the destination. | The router would have to decrypt the message in order to identify the end-point of that given message. |
| Partly message encryption | You can decide what parts of the message you want to encrypt | All the communication / message is being encrypted |
| Key Management | requires coding to handle the key management and exchange protocol or using policy wizard to do this part without any coding | requires a server certificate |
| Binding to specific protocol | You are now able to encrypt *independent* of the underlying protocol as WSE presently supports TCP. The underlying protocol that you might want to leverage becomes a config setting in an XML file. | SSL “binds” you to the HTTP protocol |
| Deployment | requires deploying your code to the client machine (compiled code if using WSE) | SSL does not requires deploying, as most common browsers support it |
| Production Deployment | There aren’t any hardware accelerators | There are hardware SSL accelerator cards |
Comments and more comparison features are welcomed!