Content Classification Service API Reference Guide › Introduction › Security

Security

The current WSDL has been generated using a WCF basicHttpBinding. By default, the WSDL therefore contains no transport or message level security features. While the choice of security does not affect the functionality of the API methods, it has an impact on the client and server configuration and the way the client connects.

Security on the server-side can be configured externally to the code by setting endpoints and options in the web.config file for the web service. Users installing the CCS must decide which security scheme they want to use. Our intention is to support endpoints for:

• Windows Client Authentication over HTTP or HTTPS (the caller must be a member of a specific Windows group to use the service).
• Mutual authentication using certificates over HTTPS.
• Message level security using the WS* standards.

How the security is implemented on the client depends on the operating environment and the development tools used to consume the WSDL. For example, a Windows-based WCF client application can configure all the security options in an application configuration file. You can modify the file to match the settings on the server-side without the need to modify the client code. Separating the security from the code as much as possible makes it easier for users of the service to configure it to match their specific needs.