System-Level Security
uAll
of the security measures discussed are irrelevant if the
system hosting the web services is not itself secure.
ØThe servers should be housed in a secure
location with restricted access.
ØThe security of the private encryption/signature
keys should be very tightly controlled.
ØEven public keys should be transferred securely.
