2.3.3 Point to point security issues

There are a number of security issues that arise between clients and servers. These security requirements depend on each other in many cases:

Authentication:

For some potential uses of the web (e.g., electronic commerce), it is important that clients authenticate themselves to servers, that servers authenticate to clients, and that both authenticate to each other. It is important that a form of authentication be used that is not easily spoofed, such as cryptographically signed certificates.

Confidentiality:

Confidentiality is important for web uses that involve sensitive data. Data exported by web clients or servers may need to be protected from eavesdropping. For example, services are available (on-line florist) that require the passing of credit card information. This requirement will be amplified when other kinds of data, such as employee records, government files, etc., begin traversing the web.

Integrity:

Certain transactions have the requirement that transaction requests and/or contents remain unmodified during delivery. The electronic commerce example is a case where data integrity is critical to proper functioning of the system.

Availibility:

This means all the systems are up and running when they are needed.