| Transport Level Security | Message Level Security |
| Secures point to point communication.
E.g: Your browser to Apache server |
Secures end to end to end communication.
E.g. Sales Order Request application to Database updating application |
| Not transparent thorough multiple transport protocols, | Transparent through any number of transports since it is handled at an above layer |
| Cannot specify different part of the message to secured idifferently | Can specify which part to sign, which part to encrypt in the message, Specially useful when you have a large message and you really want to secure a small portion. |
| Relatively easy to attack. | Relatively difficult to attack. Since the unsecured path in the message flow is minimum, |
| In Web Services we found this is followed by transmitting SOAP over HTTPS. | In Web Services you can follow message level security by adhering to WS-Security specification. |
You can find a descriptive post about the Transport Level security vs Message Level Security on http://www.xyzws.com/scdjws.do?cat=scdjws&smenu=WSGEN&article=4.
Pingback: Encrypt and Sign your SOAP messages in PHP | Dimuthu's Blog