SecureAuth Hosted Services - Security FAQ

SecureAuth IdP uses WSE 3.0 / WCF message-level encryption over HTTP TCP 80. With WSE 3.0, the HTTP payload is encrypted while leaving the header information un-encrypted which is a more efficient way (low overhead) to support infrastructure (firewall and router) traversal. It is much more efficient and scalable than standard SSL/transport-level encryption.

SecureAuth also chose WSE 3.0 / WCF over standard SSL because WSE 3.0 / WCF provides the ability to encrypt with a different key (bilateral x509 authentication) for each customer, versus SSL which is universal across all clients.

SecureAuth IdP's web services listen on TCP port 80 and 443 since various services are provided which require one or both ports.

Additionally, for legacy proxy server support, SecureAuth has the option to disable WSE 3.0 / WCF and enable transport-level encryption, which is SSL over port 443.

The SecureAuth IdP hosted services are comprised of multiple web farms, geographically dispersed, that serve up different types of web services. Access to all web farm IP addresses is required for Cloud Services site redundancy. These services include X.509 certificate signing, SMS and Telephony one time password services, Push Notifications / Push-to-Accept (Mobile Login Requests), Threat Services, etc.