Hello,
I would like to propose the implementation of some sort of security mechanism for webservices on MF-devices.
The current implementation only allows the transmission of (human-readable) SOAP or MTOM-encoded messages. Using a network-sniffer, it is possible to simply read and/or modify the transmitted messages. This is intolerable or at least undesirable in most scenarios in the automation or home-automation domain (as well as other domains). In terms of data privacy laws it can be problematic for a potential application in the consumer market.
Most of the crucial pieces for implementing webservice-security are already available on the MF (cryptography, SSL, HTTPS-sockets, DPWS-stack). Of course it would be nice if the implementation was compatible with the WS-standards (and WCF). Some kind of transport-security, using HTTPS-sockets, should be possible with arguable time and effort.
Regards,
Tim