On Oct 29, 1:32*pm, RayLopez99 <raylope...@gmail.com> wrote:

>
> Yes, just like that. *What you fail to understand (among your many
> other failures) is the difference between message level security and
> transport level security. *HTTPS is the latter not the former. *Here's
> a reference for you to 'bone up' on, bonehead: (http://
> msdn.microsoft.com/en-us/library/ms733137%28VS.90%29.aspx “End-to-end
> security. A secure transport, such as Secure Sockets Layer (SSL) works
> only when the communication is point-to-point. If the message is
> routed to one or more SOAP intermediaries before reaching the ultimate
> receiver, the message itself is not protected once an intermediary
> reads it from the wire. Additionally, the client authentication
> information is available only to the first intermediary and must be
> transmitted to the ultimate received in out-of-band fashion, if
> necessary. This applies even if the entire route uses SSL security
> between individual hops. Because message security works directly with
> the message and secures the XML in it, the security stays with the
> message regardless of how many intermediaries are involved with the
> message before it reaches the ultimate receiver. This enables true end-
> to-end security scenario.”)
>

The only thing left to debate--and I doubt the small minds in this
group has the capacity to address this issue (no thanks in advance)--
is how often "SOAP intermediaries" are present in a 'typical' message
route. I would bet that for most 'routine' messages such as home user
to bank server, there would be no intermediaries, and the ISP server
is just "pass through" and would not require SOAP (I would imagine).
But this is a question for a real expert, not the dunces that hang
around the virtual water cooler that passes for Usenet these days.

RL