|
|
|
The ability of SOA Security Manager to obtain security information from XML documents without user interaction and produce WS‑Security headers, SAML Session Ticket assertions, and SiteMinder session cookies lets you securely deploy web services using a number of service models.
All requests are authenticated and handled by a single web service.
All requests are sent to a web service responsible for authentication, which then returns the message and authentication data back to the web service consumer. The web service consumer application can then send requests containing this authentication data to other related web services within or across domains.
All requests are received by a web service responsible for authentication and then passed, with authentication data, to one or more other web services for handling. That is, message and authentication data always flows from the authentication web service directly to the next required web service, and from there to the next web service and so on, without further interaction from the web service consumer.
Choosing the appropriate authentication service model is the first, and probably most significant, decision you must make when designing a web service implementation. Your choice of service model also plays a significant role in determining the most appropriate SOA Security Manager authentication schemes to use.
| Copyright © 2009 CA. All rights reserved. | Email CA about this topic |