Transport Security

Transport security refers to a group of security technologies that ensure the authenticity of both clients and servers and the integrity and confidentiality of data passed between web servers and their clients.

In most cases, transport security alone is sufficient to secure a web resource such as a web application or web service; but there is another security option available specifically for web services. For detailed information see Web Service Security.

Transport Security Strategies

Transport security offers three basic strategies for achieving the three main security goals: authentication of participants, confidential communication and data integrity. See WebLogic Workshop Security Overview for a description of these security goals.

One-way SSL

One-way SSL offers two primary benefits. First it authenticates the identity of the web server. Second, it ensures confidential communication by encrypting the messages between the client and the server. The "one-way" in one-way SSL refers to the fact that only the identity of the server is authenticated, not the client. You should use one-way SSL when you want to ensure private communication, but where the identity of the client is not a critical factor.

One-way SSL with Basic Authentication

Basic authentication ensures the identity of clients by requiring a username and password. Basic authentication should always be used together with one-way SSL, otherwise the username and password could be intercepted by a malicious third party. You should use one-way SSL when you want to ensure the identities of both the client and server. For details on implementing a basic authentication process, see Basic Authentication.

Two-way SSL

Two-way SSL combines server authentication, encryption of data, and client authentication through client digital certificates.

Topics Included in This Section

One-way SSL

Two-way SSL

Using Controls to Access Transport Secured Resources

Related Topics

Security