RE: Blended Authentication (AKA "Granular Access Control")
> > -----Original Message----- > From: Chiusano Joseph [mailto:chiusano_joseph@b...] > Sent: Wednesday, May 07, 2003 2:52 PM > To: Cavnar-Johnson, John > Cc: xml-dev@l... > > <Quote1> > According to the WS-Trust spec, "a web service can require > that an incoming message prove a set of claims." These claims > are not limited merely to identity, but can include the > user's principal (or security > context) > </Quote1> > > Can you take this one step further and explain how this would > apply to the presented scenario? In other words, how would > the identity of SYSTEM A be brought into the picture > (allowing SYSTEM A to really be considered a "user")? And how > does it relate to the possibility of more granular security > at (for example) the WSDL Operation level? > Do you want SYSTEM A to authenticate the user, or do you want the request to actually come from SYSTEM A? If the former, then this is exactly the brokered trust scenario. If the latter, then you add a requirement to your policy that states the request must include a certificate from SYSTEM A as well as credentials for the user.
PURCHASE STYLUS STUDIO ONLINE TODAY!
Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!
Download The World's Best XML IDE!
Accelerate XML development with our award-winning XML IDE - Download a free trial today!
Subscribe in XML format