问题描述
不太了解加密...
说我正在准备提交给身份提供商的SAML请求。为什么我需要对此请求应用x.509证书?仅通过SSL传输不够安全?
Say I'm preparing a SAML request to submit to an identity provider. Why would I need to apply an x.509 certificate to this request? Is transmission over SSL alone not secure enough?
推荐答案
是 - SSL是足够的,但SSL只是点对点。如果您的来源和目标计算机之间存在几个中介,则无法使用SSL保护您的连接。
Yes - SSL is enough - but SSL is only point-to-point. You cannot secure your connection using SSL if there are a few intermediaries in the way between your source and your target machine.
在这种情况下,当通过互联网传输时,您必须保护实际消息,而不是传输级别。这就是为什么你需要加密XML(或至少它的一部分)。
In that case, e.g. when transmitting over the internet, you must safeguard the actual message, instead of the transport-level. That's why you need to encrypt the XML (or at least parts of it).
Marc
这篇关于为什么要使用x.509证书来加密xml?为什么不通过https传输?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!