Message-oriented middleware (MOM) is software that enables the exchange of messages between heterogeneous systems. It can be seen as a buffer between systems that produce and consume messages at their own pace. It is inherently loosely coupled, as producers don’t know who is at the other end of the communication channel to consume the message. MOM is based on an asynchronous interaction model so it allows these applications to work independently and, at the same time, form part of an information workflow process. Today, a typical organization has many applications, often written in different languages, that perform well-defined tasks. It’s a good solution for integrating existing and new applications in a loosely coupled way, as long as the producer and consumer agree on the message format and the intermediate destination. This communication can be local within an organization or distributed among several external services.
E-mail must still be considered to be insecure. This is particularly true if the Internet is used for message delivery. An attacker can read, spoof, modify, or even delete messages while they are stored, processed, or transmitted. There is virtually no market for X.400-based MHSs with built-in security features (at least outside some military environments) E-mail systems that are used and widely deployed in the commercial world either depend on standardized and open Internet messaging protocols or use proprietary protocols. In either case, additional software must be used to provide security services at or above the application layer in a way that is transparent to the underlying e-mail system(s). This transparency is important for the commercial value of a secure messaging scheme. The resulting independence from message transfer is important and key for the large-scale deployment and success of any secure messaging schemes. This book does not even address the Message Security Protocol (MSP) or P42 that has been specified by the U.S. Department of Defense (DoD) for its Defense Messaging System (DMS) Both are largely irrelevant for commercial applications used in the field and we can therefore safely ignore them for the purpose of this book. A message that is secured above theApplication layer can, in principle, be transported by any e-email system. PEM was an early standardization effort initiated by the Internet Research Task Force (IRTF) Privacy and Security Research Group. MOSS was designed to handle messages that make use of the multipurpose Internet mail extensions (MIME?) PEM and MOSS failed to become commercially successful and have sunk into oblivion. OpenPGP and S/MIME are the way to go for secure messaging on the Internet, according to PGP and S’MIME. PGP is a specification, whereas OpenPGP can be thought of as both a specification and a software package. PEM introduced the use of digital envelopes and the base-64 encoding scheme, and almost all secure messaging schemes that have been proposed afterwards have retained these features. Almost all secure messages today use PGP or OpenPGF.