Over the past five years, the promise of enterprise information sharing has made great strides with the evolution of Web Services and the promise of Service Oriented Architectures (SOA). An architectural shift that moves us away from point-to-point client/server systems,
SOA provides new challenges related to propagating trust between services at multiple points in an n-tiered architecture. Many government and industry applications have mission-critical security requirements that make achieving strong enterprise security goals mandatory, and over the past few years, there have been great strides in creating mechanisms for achieving these goals in a SOA. The security solutions that exist, however, directly impact performance. The cryptography used to achieve enterprise security goals will also slow down your Web Service consumers and producers, so any good SOA architect will have to be smart and look at all the options. Focusing on performance, this article presents an approach of using SSL to complement some of the existing Web Services security mechanisms - in situations where it makes sense.
