Hi

So the "alternative" suggestion for a security infrastructure using TLS and X.509 infrastructure. Note: TLS is the evolution/replacement of SSL.

Requirements:

- Peer authentication
- Confidentiality
- Message integrity
- Replay protection

At least we agree on those :-). TLS supports all of these, and has done so for more than 10 years.

In the common setup only the server (defined as the one not initiating the connection) is authenticated. Typically (for HTTP applications) clients are then authenticated via username/password. However, TLS supports authenticating clients via certificates just fine. This is enforced by requiring clients to present a certificate in the service-side security context.

There was an argument about TLS not providing end-to-end message integrity. That is simply not true. While it is possible to put TLS in a configuration with a reverse proxy and, by defining "end" in a certain way, make a strawman argument about this, TLS is what is used when punching in your credit card numbers over the Internet or accessing your web-mail in a secure fashion. It is good enough for NSI :-).

Performance-wise, setting up a TLS connection and creating a signed+encrypted message are roughly the same (both involve the same amount of prime number juggling). If using persistent connections, TLS will use a negotiated shared secret key for encrypting the session, which is significantly cheaper than pure RSA, causing TLS to win hands-down. I don't think this will be an issue though (AFAIK it can also be solved by using WS-SecureConversation, but that wasn't what was suggested).

For completeness, WS-Security comes much more unassembled than TLS. One has to choose signing and/or encryption along with what to actually apply this to. Arguably WS-Security is a lot more flexible and allows stuff like passing on signed messages for repudiation; we don't have that in our requirements, and it doesn't fit very well into what we've outlined as a trust/peer network (we don't require all NSAs to trust the certificate provider of all other NSAs and do message breakout).

Now, both TLS and WS-Security can provide a solution which can solve our requirements. TLS however is much more widespread, both in usage and implementations, as it is the de-facto standard for providing secure communication for the HTTP protocol. TLS is supported in virtually all major programming languages, either through native implementations or bindings to OpenSSL or GnuTLS. It is also protocol independent, meaning that we can use the same security infrastructure for a client REST protocol.

Best regards, Henrik

Henrik Thostrup Jensen <htj at nordu.net>
Software Developer, NORDUnet
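The client-certificate setup described in the mail (the server side requiring the peer to present a certificate, each side trusting only the issuer it chooses) as an added, self-contained example in Go; this is not code from the original message or from NORDUnet. The names nsa-server and nsa-client and the self-signed throwaway certificates are constructed for the demonstration; in a real deployment the pools would hold the peer NSA's actual issuer certificate.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)
// selfSigned mints a throwaway self-signed certificate for name (constructed test identity, not a real CA).
func selfSigned(name string) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true, IsCA: true,
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}
// MutualTLS runs one in-process handshake over net.Pipe: the server requires a client certificate that chains to
// a CA it trusts (tls.RequireAndVerifyClientCert); the client presents one only if present is true.
func MutualTLS(present bool) (bool, error) {
	srv, cli := selfSigned("nsa-server"), selfSigned("nsa-client")
	srvPool, cliPool := x509.NewCertPool(), x509.NewCertPool()
	srvPool.AddCert(cli.Leaf) // the server's trust anchor for peers: the client's (self-signed) issuer
	cliPool.AddCert(srv.Leaf) // the client's trust anchor for the server it dials
	srvCfg := &tls.Config{Certificates: []tls.Certificate{srv}, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: srvPool}
	cliCfg := &tls.Config{RootCAs: cliPool, ServerName: "nsa-server"}
	if present { cliCfg.Certificates = []tls.Certificate{cli} }
	a, b := net.Pipe()
	a.SetDeadline(time.Now().Add(5 * time.Second)) // never hang if one side stalls
	b.SetDeadline(time.Now().Add(5 * time.Second))
	go func() { // server side: application data flows only after the peer is authenticated
		s := tls.Server(a, srvCfg)
		if s.Handshake() == nil { s.Write([]byte("ok")) }
		s.Close()
	}()
	defer b.Close()
	buf := make([]byte, 2)
	if _, err := tls.Client(b, cliCfg).Read(buf); err != nil { // Read runs the handshake; a rejected peer sees the server's alert
		return false, err
	}
	return string(buf) == "ok", nil
}
func main() { fmt.Println(MutualTLS(true)) }
```

Running MutualTLS(false) shows the failure mode the mail alludes to: without a certificate the handshake is refused by the server before any application data is exchanged.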