Troytec

When preparing for the S90.20 SOA Security Lab Exam by Arcitura Education Inc. , one of the most misunderstood topics is the difference between message-level security and transport-level security (HTTPS) . Many candidates assume HTTPS is enough to secure services. The S90.20 lab proves otherwise. This article explains what the exam really evaluates — and why message-level protection is critical in Service-Oriented Architecture (SOA). Understanding Transport-Level Security (HTTPS) HTTPS uses SSL/TLS to encrypt communication between client and server. What HTTPS Protects: Data in transit Communication channel Server identity (via certificate) How It Works: TLS handshake establishes encrypted tunnel Entire message is encrypted during transmission Once received, message is decrypted Limitation in SOA Context: Once the message reaches an intermediary or internal service, the encryption layer ends. In multi-hop SOA environments, this creates security gaps. ...