From: Patrick Y. <kc...@ce...> - 2003-12-18 01:44:18
> Is the application server trustworthy? It does have DB access
> control... So the postoffice is not less trustworthy than an
> application server... And in most cases, communication between client
> and postoffice would be inter-process... otherwise, JMS over SSL
> implementations are available.
>

The messaging service is deployed to the application server. We have to trust it. But the postoffice is another process, or in a stricter sense, another system sitting in the middle between the senders and receivers. Therefore, we have good reason not to trust it.

JMS over SSL helps only with confidentiality over the wire. It's tough to make sure the postoffice cannot view the confidential part of the message, unless we use XML encryption to encrypt only the secret part, leaving the header part in clear text for routing purposes.

Regards,
-Patrick
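
An added Java example (not part of the original message) of the layout the reply describes: the routing header stays in clear text for the postoffice, and only the secret part is encrypted between sender and receiver. It uses AES-GCM from `javax.crypto` as a stand-in for W3C XML Encryption; the element names, queue names and payload are constructed, and binding the header to the ciphertext as authenticated data is an assumption added here.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
public class PartialEncryptionDemo {
    // Sender: encrypt only the secret part; the header is authenticated (AAD) but stays readable.
    static String seal(SecretKey key, String header, String secret) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);                       // fresh nonce per message
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(header.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(secret.getBytes(StandardCharsets.UTF_8));
        return "<message>" + header + "<body iv=\"" + Base64.getEncoder().encodeToString(iv)
             + "\">" + Base64.getEncoder().encodeToString(ct) + "</body></message>";
    }

    // Receiver: decrypts the body; throws AEADBadTagException if header or body was altered.
    static String open(SecretKey key, String message) throws Exception {
        String header = "<header>" + between(message, "<header>", "</header>") + "</header>";
        byte[] iv = Base64.getDecoder().decode(between(message, "iv=\"", "\">"));
        byte[] ct = Base64.getDecoder().decode(between(message, "\">", "</body>"));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(header.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(ct), StandardCharsets.UTF_8);
    }

    // Minimal extractor for this fixed demo layout (not a general XML parser).
    static String between(String s, String start, String end) {
        int i = s.indexOf(start) + start.length();
        return s.substring(i, s.indexOf(end, i));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(128);
        SecretKey key = kg.generateKey();                       // held by sender and receiver only
        String header = "<header><to>billing-queue</to></header>";   // constructed sample
        String msg = seal(key, header, "<salary>82000</salary>");    // constructed sample
        System.out.println("postoffice sees: " + msg);
        // The postoffice holds no key and routes on the clear-text header alone.
        System.out.println("routes to:       " + between(msg, "<to>", "</to>"));
        System.out.println("receiver reads:  " + open(key, msg));
        try {
            open(key, msg.replace("billing-queue", "audit-queue"));
        } catch (AEADBadTagException e) {
            System.out.println("modified header rejected by receiver");
        }
    }
}
```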