Glossary

Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is a protocol used for secure point-to-point communications. The primary example of the use of SSL is in the HTTP and HTTPS protocols used by web browsers and servers. SSL has built-in capabilities for using Public Key authentication. However, that capability typically goes unused due to client credential management problems.

SSL is suitable for point-to-point security, such as is found in two-tier (client-server) applications. For n-tier applications (n greater than two), SSL does not provide the facilities needed for securely propagating the identity of the end-client and end-server(s) across a series of point-to-point connections. That eliminates the ability to securely delegate authorization across applications, and removes the ability to audit the identity of individuals through most transaction processing systems.

SSL's most obvious application other than browsers is as a secure transport for simple point-to-point security, such as is provided by application-layer VPNs. However, it is questionable that the use of SSL for such a purpose has any significant benefits over the GSSAPI.