Data security in Transit and at Rest
Usually HTTPS, that is, HTTP running over a Transport Layer Security (TLS) or
Secure Sockets Layer (SSL) implementation, is used to protect the communication
over the wire between a service client and a service provider. It is a leading
solution for data security in transit.
• Server authenticated SSL
In this process, only the server identity is validated by the service client,
using pre-established digital certificate trust for certificates issued by
public certificate authorities such as VeriSign, Thawte, GeoTrust, and many
others. In this implementation, we are not restricting who can consume the
services.
• Client-server authenticated SSL
One can extend the server authenticated SSL implementation to perform
a client identity validation as well to protect services. Usually, client
identity certificates are issued by a private certificate authority established
by the service provider organization. In this implementation, we are
restricting the users who can consume the services because, to establish an
HTTPS connection, the client needs to provide an identity certificate trusted
by the service provider.
It is a leading practice to use a client-server authenticated SSL, also known as two-
way SSL, to authenticate users of web services. The client identity certificates used
for authentication are issued from a private certificate authority.
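The two modes described above, expressed as Python `ssl` contexts together with a check that tells them apart. This is an added example, not code from the original text; the function names and the certificate file paths passed to them are assumptions.

```python
import ssl

def server_context(cert=None, key=None, client_ca=None, two_way=False):
    """Provider-side TLS context (hypothetical helper).

    two_way=False: server authenticated SSL, any client may connect.
    two_way=True:  client-server authenticated SSL, the handshake fails
                   unless the client presents a certificate that chains
                   to client_ca, the provider's private CA.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # starts with CERT_NONE
    if cert:
        ctx.load_cert_chain(certfile=cert, keyfile=key)  # server identity
    if two_way:
        ctx.verify_mode = ssl.CERT_REQUIRED
        if client_ca:
            # Trust only the private CA. If the public CA bundle were loaded
            # here, certificates issued by those CAs could also pass.
            ctx.load_verify_locations(cafile=client_ca)
    return ctx

def client_context(cert=None, key=None, server_ca=None):
    """Consumer side: always validates the server, optionally presents
    its own identity certificate for two-way SSL."""
    # CERT_REQUIRED plus hostname check; public CAs unless server_ca is given.
    ctx = ssl.create_default_context(cafile=server_ca)
    if cert:
        ctx.load_cert_chain(certfile=cert, keyfile=key)
    return ctx

def audit_server(ctx):
    """Return findings showing the context does not enforce two-way SSL."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("clients are not authenticated (server authenticated SSL only)")
    elif ctx.verify_mode == ssl.CERT_OPTIONAL:
        findings.append("client certificate is optional; certificate-less clients are accepted")
    if ctx.verify_mode != ssl.CERT_NONE and ctx.cert_store_stats()["x509_ca"] == 0:
        findings.append("no client CA loaded; every client will be rejected")
    return findings
```

Running `audit_server` against the context a service actually starts with is a quick way to confirm that client certificates are required rather than merely requested.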
The alternate options to secure communication over the wire are stunnel (Host
Layer) or IPSec (Network Layer) implementations. These are often utilized when
end-to-end encryption over the wire is a mandate and a software component
doesn't have a built-in SSL/TLS implementation.