Problem solve Get help with specific problems with your technologies, process and projects.

SOA and entry points

Web services security expert Andrew Nash discusses SOA and the security of entry points.

How does SOA affect single sign-on? Are there things we need to be doing at the directory level? What types of tokens and credentials work best in an SOA?

Most organizations will have at least two entry points to the organization - browser/portal interfaces and web services. The same sets of identities, SSO, federated identity attributes access control and other policies need to be applied in a consistent fashion across both these technologies. Leveraging deployed IAM technologies including directories for Web Services is a fundamental requirement.

In most architectures, the presentation and user interface handling (including challenge response protocols for authentication and SSO) will be handled by a portal. Different user credential schemes have been deployed over the years including passwords, tokens, smart cards, X.509 certificates and many others. To reduce complexity and improve performance, reduction of the number of credential types used within a web services framework is highly desirable. To that end, either SAML or Kerberos tickets are the most likely contenders. The advantage of SAML as the choice for this "single" token type is that it is extremely flexible and offers the opportunity to provide secondary authentication support by carrying the appropriate credentials necessary to interact with the legacy systems that Web Services must integrate with at some point.

Dig Deeper on Topics Archive

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.