Message Security Level in REST Web Services

I want to implement two-level security in my REST web services.

  • Transport layer: For point-to-point security (transport layer), I decided to use HTTPS.

  • Message level (end to end): I need the JSON data (very sensitive) to be encrypted, so that it can only be decrypted by the intended user.

I need suggestions: how can I implement this? Are there any web standards, like WS-Security in SOAP, that we can use? I came across JSON Web Encryption (JWE), but I am not sure if it is enough for my goal.

+1
json security rest web-services jwe
1 answer

One good approach is the one used by Amazon Web Services with their client-side data encryption. The documentation provides a good overview of how it works, performance characteristics, customer requirements, and consequences, such as key management.

AWS Client Encryption uses envelope encryption. This data is quickly encrypted using a symmetric cipher, and metadata, such as a symmetric key and payload data, is encrypted using a slower but more secure asymmetric key.

Hope this helps.

+1
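
The envelope encryption pattern the answer describes, applied to a JSON body, as an added example that is not part of the original answer and is not AWS's code. The function names (`sealJson`, `openJson`), the envelope field names, and the choice of AES-256-GCM with RSA-OAEP (SHA-256) are assumptions made for this sketch; it does not produce the JWE serialization.

```javascript
// Added example: envelope encryption of a JSON body with Node's built-in crypto.
const crypto = require("node:crypto");
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Sender: encrypt the JSON with a fresh AES-256-GCM data key, then wrap that
// key with the recipient's RSA public key so only the recipient can recover it.
function sealJson(payload, recipientPublicKey) {
  const dataKey = crypto.randomBytes(32); // one-time symmetric key
  const iv = crypto.randomBytes(12);      // 96-bit GCM nonce, never reused per key
  const cipher = crypto.createCipheriv("aes-256-gcm", dataKey, iv);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(payload), "utf8"),
    cipher.final(),
  ]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, dataKey);
  const b64 = (buf) => buf.toString("base64");
  return { wrappedKey: b64(wrappedKey), iv: b64(iv), ciphertext: b64(ciphertext), tag: b64(cipher.getAuthTag()) };
}

// Recipient: unwrap the data key with the private key, then decrypt.
// decipher.final() throws if the ciphertext or tag was modified in transit.
function openJson(envelope, recipientPrivateKey) {
  const raw = (s) => Buffer.from(s, "base64");
  const dataKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, raw(envelope.wrappedKey));
  const decipher = crypto.createDecipheriv("aes-256-gcm", dataKey, raw(envelope.iv));
  decipher.setAuthTag(raw(envelope.tag));
  const plaintext = Buffer.concat([decipher.update(raw(envelope.ciphertext)), decipher.final()]);
  return JSON.parse(plaintext.toString("utf8"));
}

// Constructed demo: a key pair for the intended user and a sample record.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const envelope = sealJson({ account: "constructed-123", balance: 42 }, publicKey);
  const opened = openJson(envelope, privateKey);
  // Flip one ciphertext bit: GCM authentication must reject the message.
  const bad = Buffer.from(envelope.ciphertext, "base64");
  bad[0] ^= 1;
  let rejected = false;
  try {
    openJson({ ...envelope, ciphertext: bad.toString("base64") }, privateKey);
  } catch {
    rejected = true;
  }
  return { envelope, opened, rejected };
}
```

The envelope object is what would travel as the HTTPS request or response body; the server and any intermediaries only ever see the wrapped key and ciphertext.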