What are the differences between Metro WSIT's Transport Security
and Message Authentication over SSL
?
The Transport Security mechanism protects your application during transport using SSL for authentication and confidentiality.
Message Authentication over SSL:
The Message Authentication over SSL mechanism attaches a cryptographically secured identity or authentication token with the message and use SSL for confidentiality protection.
Authentication refers to the security layer designed to confirm a person's identity (via a username and password, for example).
Transport security refers to the security layer that protects the transmission of information, including authentication credentials (username & password), and any data transmitted during use of the application.
To say it another way - authentication is the "ID check" to make sure you are who you say you are, and transport security is what keeps your transactions a secret that is shared only with you, and the server and/or service you are interacting with.