RE: security for WS call from behavior and ASP.net
From: Michael Graham (mgraham@onlinemicrosoft.com)
Date: 06/07/02
- Next message: Sean Harrop: "ASP.NET stops working after installing q322289"
- Previous message: Annie Hamilton: "Re: Roles Authorisation in Forms Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: mgraham@onlinemicrosoft.com (Michael Graham (MS)) Date: Fri, 07 Jun 2002 17:52:12 GMT
Hello,
I apologize for the delay on this. I would recommend using SOAP headers
and authenticating at the message level.
This is the approach adopted by the WS-Security specification; one of a set
of specifications that comprise the Global XML Web Services Architecture
(GXA) initiative.
With this approach, security is applied at the SOAP message level through a
set of SOAP extensions. SOAP messages are self contained, with headers
carrying the relevant security attributes including security tokens that
contain usernames to support client authentication. Confidentiality and
integrity is provided by a variety of message-level encryption techniques.
Advantages
- Security is independent from the underlying transport, making the
approach ideally suited to the loosely coupled, heterogeneous environments
for which Web services are designed.
- Provides end-to-end security and accommodates message routing
through intermediate application nodes.
- Supports multiple encryption technologies.
Disadvantages
- There is generally more development effort involved with message level
techniques.
- The GXA specifications are in the early stages of development and as a
result are not yet defined standards.
I hope this helps!
mgraham@online.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights.
- Next message: Sean Harrop: "ASP.NET stops working after installing q322289"
- Previous message: Annie Hamilton: "Re: Roles Authorisation in Forms Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
