Gopalan Suresh Raj's Web Cornucopia
An Oasis for the parched Enterprise Services Engineer/Developer

    SOA Tips-Security/Performance Tradeoffs


    If multiple short messages are being exchanged between the client and the service, TLS (i.e., HTTPS) which uses X.509 digital certificates to provide message confidentiality, may not be the optimal protocol because of the handshake overhead involved in setting it up. The same goes for WS-Security which utilizes XML Digital Signatures for authentication and message integrity, and XML encryption using X.509 digital certificates for message confidentiality.

    While TLS (i.e., HTTPS) can be used for network node level message confidentiality, WS-Security is typically used for end-to-end security up through your application stack, and is independent of the networking protocol. WS-Security is twice as expensive as TLS (i.e., HTTPS).

    This is one of the many reasons why you have to expose Coarse-Grained Service Interfaces to external Clients and exchange reasonable sized messages. Consider setting up a secure conversation with partners who communicate with you frequently. You just have to be aware of the trade-offs when designing your service.

    Author Bibliography

    Gopalan Suresh Raj is a Senior Analyst, Software Architect, and Developer with expertise in multi-tiered systems development, enterprise service architectures, and distributed computing. He is also an active author, including contributions to Professional JMS Programming, Wrox Press, 2001, Enterprise Java Computing-Applications and Architecture, Cambridge University Press, 1999, and The Awesome Power of JavaBeans, Manning Publications Co., 1998. He has submitted papers at international fora, and his work has been published in numerous technical journals. Visit him at his Web Cornucopia© site ( or mail him at