Hello,
I'm facing a problem regarding identity and user attributes propagation
within web services architecture.
My security concern is:
user identity and user information should be propagated in a secure way,
integrity should be ensured.
Functional guys tell me that within SOA architecture, all services must be
"self-defined"... the service body should contain user information if the
business behind the service needs the user information like user id for
example...
What do you think?
Frédéric,
I'm not quite sure I understand your issues. Are you afraid you would need
to replicate identity related data? Are you afraid you would need to pass
such data in clear?
There is no single good answer to these questions apart from: It's possible
to do it well. The rest is really up to your environment, both
technological and business.
Are you familiar with WS-Security and WS-Trust? If you could elaborate or
clarify I'm sure some of us on the list would be able to give you a hand.
All the best,
Pierre
On 23 January 2012 20:53, Lebeau Frederic frederic.lebeau@websurf.be wrote:
Hello,
I'm facing a problem regarding identity and user attributes propagation
within web services architecture.
My security concern is:
user identity and user information should be propagated in a secure way,
integrity should be ensured.
Functional guys tell me that within SOA architecture, all services must be
"self-defined"... the service body should contain user information if the
business behind the service needs the user information like user id for
example...
What do you think?
The Web Security Mailing List