Rest Web服务中的消息级安全性 [英] Message Level Security in Rest Web services
问题描述
我想在我的REST Web服务中实现两级安全性.
I want to implement two level Security in my REST web services.
-
运输层 为了点对点安全(传输层),我决定使用HTTPS.
Transport layer For point-to-point security (transport layer) i have decided to use HTTPS.
消息层(端到端) 我需要json数据(非常敏感)为加密形式,并且只能由目标用户解密.
Message layer (end to end) I need the json data(very sensitive) to be in encrypted form which can only be decrypted by intended user.
我需要一些建议以实现该目标?是否可以使用任何Web标准(例如SOAP中的WS-Security).我遇到了JSON Web加密(JWE),但不确定是否足以满足我的目标.
I need some suggestions how i can implement this? IS there any web standards like WS-Security in SOAP which we can use. I came across JSON Web Encryption (JWE), but not sure would it suffice my objective.
推荐答案
一种好的方法是Amazon Web Services通过其客户端数据加密使用的方法. 文档很好地概述了它的工作方式,性能特征,客户端要求和含义,例如密钥管理.
One good approach is that used by Amazon Web Services with their Client-Side Data encryption. The documentation gives a good overview of the way it works, performance characteristics, client-side requirements and implications such as key-management.
AWS客户端加密使用信封加密.他们的数据使用对称密码进行快速加密,而元数据(例如对称密钥和有效负载详细信息)使用较慢但更安全的非对称密钥进行加密.
AWS Client-Side encryption uses envelope encryption. They data is fast-encrypted using symmetric cipher and the meta-data such as the symmetric key and payload details are encrypted using a slower but more secure assymetric key.
希望有帮助.
这篇关于Rest Web服务中的消息级安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
