NOTE: These slides have not been updated since 2003. They have been superseded by the book An Introduction to XML and Web Technologies Addison-Wesley, and the accompanying online material. Please see http://www.brics.dk/ixwt/ for more information. Anders Møller and Michael Schwartzbach, February 2006

INTERACTIVE WEB SERVICES WITH JAVA

SSL - Secure Sockets Layer

• SSL - the Secure Sockets Layer can be inserted between the application layer (HTTP) and the transport layer (TCP).

• using cryptography, it provides privacy and reliability of client-server communication and authentication of the server

• first, a secure channel is set up using (slow) public-key encryption (e.g. RSA) to generate a shared secret
• subsequently, communication is performed using (fast) symmetric encryption (e.g. DES)

• for Web services, just use the https protocol in URLs (assuming that a trusted certificate is generated for the server)

• J2SE 1.4 contains Java Secure Socket Extension (JSSE) providing full Java support for SSL (javax.net.ssl)

COPYRIGHT © 2002-2003 ANDERS MØLLER & MICHAEL I. SCHWARTZBACH