Need advice on security setup
Hi all experts.
I am currently planning a rather large application that will have the
Business Services layer will be implemented as XML Web Services. I think
service (WSDL) lookup will be done using UDDI, not sure yet, since I can't
really see why I should go for UDDI. Quite OT, but anyone on this?
There will be several "clients" to the service layer. Some of which I
develop, and some of which a 3rd party develop. These clients range from
WinForms (smart) applications and WebForm applications.
Customers running on this solution can have different versions of services
and clients. 90% will run on the same services, but 10% can run on
services/clients providing extra functionality.
The Internet is used as transport medium. Pure Internet, not Intra or
80% will be on .NET, 20% on J2EE
Why I am asking this is security newsgroup is because:
I need to autenticate if customers has access to a service (and the WSDL)
and which exactly which set of services (versions) they run on. I thought
about using UDDI for this, but maybe I can go for a simpler solution, maybe
file access byt IIS
I need to authenticate each request (I guess so) to my services layer, since
is can be anyone trying to access the service. Maybe by putting the
credentials in the web service request (in each call to a webmethod???),
maybe in SOAP headers, maybe by using WSE 2.0....Is WSE 2.0 interoperable by
I need to make sure that the request has not been tampered with on the way
from client to web service. This is "just" pure SSL right?
Thanx in advance for any suggestions... or links that can point me in the
Maybe I can issue a client certifcate and then all my trouble is
over...except for managing those d.... certicates on the client.... :-)
|All times are GMT. The time now is 07:02 AM.|
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.