XML.orgXML.org
FOCUS AREAS |XML-DEV |XML.org DAILY NEWSLINK |REGISTRY |RESOURCES |ABOUT
OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Re: [xml-dev] 2007 Predictions

> (It's probably been covered before, but...) I find it interesting that 
using 
> HTTPS allows some security, but it does mean that any perimeter firewall 
can 
> not inspect the contents of an exchange.

Because of this, SSL is usually terminated in the DMZ.  If necessary, a 
new SSL connection will be set up from the DMZ device to the internal 
system. There are other approaches, but I don't know if they're public 
information yet.  Perhaps not surprisingly, they amount to the same thing, 
however.

Nobody reasonable will let SSL from the Internet go through the DMZ 
directly to their backend system.

As currently deployed in the general internet, SSL gives you 
point-to-point data privacy, and little else.  That's worth quite a lot, 
however.

        /r$

--
STSM
Senior Security Architect
DataPower SOA Appliances



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS