more description on security model
diff --git a/README-SECURITY-MODEL.md b/README-SECURITY-MODEL.md
index 22c4ff5..72510ca 100644
--- a/README-SECURITY-MODEL.md
+++ b/README-SECURITY-MODEL.md
@@ -45,7 +45,7 @@
The system architecture of a typical Apache Fortress Rest deployment:
- (*REST/JSON Client*)<--HTTP-->(*FortressREST*)<--in-process API call-->(*FortressCore*)<--LDAPv3-->(*DirectoryServer*)
+ (*REST/JSON Client*)<--https-->(*FortressREST*)<--in-process-->(*FortressCore*)<--ldaps-->(*DirectoryServer*)
* REST/JSON Client is any HTTP interface that supports the message formats.
* Fortress Rest is this project's main artifact, a web application archive (.war) file that deploys into servlet containers like Apache Tomcat.
diff --git a/README.md b/README.md
index 3ae45d8..9c28bfb 100644
--- a/README.md
+++ b/README.md
@@ -255,7 +255,7 @@
These tests will use the Apache Fortress Core test programs to drive the Apache Fortress Rest services.
It works via fortress core's inherent ability to call itself over REST, useful for testing and hopping over firewalls.
-(*FortressCore*)<--HTTP-->(*FortressREST*)<--in-process API call-->(*FortressCore*)<--LDAPv3-->(*DirectoryServer*)
+ (*FortressCore*)<--https-->(*FortressREST*)<--in-process-->(*FortressCore*)<--ldaps-->(*DirectoryServer*)
See *SECTION 1. Prerequisites* of this document for more info on how to prepare a test env.
