From: avishver (
Date: 10/24/03

  • Next message: alexandre: "Terminal Services Auditing?"
    Date: Fri, 24 Oct 2003 17:15:10 +0200 (IST)


      I have an apllication that uses browser on XP for the presentation,travel
       to IIS6 on WIN03 for presentation logic, and ends up on
       IBM Websphere on IBM MainfraMe: EJB's for the business logic.
      The user authenticates against Active Directory 2003 when activating the

      Several questions froM security point of view about the
       dot net <--> websphere connection:

       - What are the pros & cons to use MQseries / HTTP / RMI bridge ?
       - What is the practical way to iMpleMent end to end user id propogation:
           kerberos ticket ? ssl client certificate ? plain userid ?
          Note that on the websphere side I would like to use
           role base access control on the EJBs, and yet using the
           authenticated uid for authorization checking.
       - What is the preffered audit MechanisM that will be able to
           give unified audit trail on both environMents.

    Thanks alot

    Avi Shvartz

    <<< You can't be a real country unless you have a beer and an >>>
    <<< airline. It helps if you have some kind of a football >>>
    <<< team, or some nuclear weapons, but at the very least you >>>
    <<< need a beer. >>>
    <<< Frank Zappa >>>

    <<<< "Children", I say plainly, "watch out for the baobabs!" >>>>
    <<<< The Little prince by Antoine de Saint Exupery. >>>>

    FREE Whitepaper: Better Management for Network Security

    Looking for a better way to manage your IP security?
    Learn how Solsoft can help you:
    - Ensure robust IP security through policy-based management
    - Make firewall, VPN, and NAT rules interoperable across heterogeneous
    - Quickly respond to network events from a central console

    Download our FREE whitepaper at:

  • Next message: alexandre: "Terminal Services Auditing?"