PublicKeyInfrastructure (PKI) is a security mechanism often used in WebServices Implementations. Its use is also common in the setup of SecureSocketsLayer implementations (Layer 7 of OpenSystemsInterconnect model) * ''Introductory concepts'' * ''WebServices concerns'' * ''Self signed Certificate Authority'' * ''PKI and SSL (SecureSocketsLayer)'' SSL was designed for synchronous transactions and everything is encrypted. These characteristics made its use inappropriate for WebServices. With adoption of OasisOrganization WebServicesSecurity (WSS) specification, PKI implementation become common amongst vendor products. This is because use of PKI mechanisms enabled easier "roll-your-own" SSL like mechanisms (with fine grained encryption and authentication) that conform with WSS and upcoming WS-SecureConversation, WS-Trust. There exists a risk that has to be managed, due to vagueness in the application of the standards concerned. ---- '''Reading Material''' * ''Ten things I wish they warned me about PKI'' * ''Introduction to W2K PKI'' ---- CategorySecurity