Yes, and with apologies for not including more helpful information first
time around.
[1] - http://ws.apache.org/ws-fx/wss4j/
Jim Murphy
Mindreef, Inc.
Vikas Phonsa wrote:
Jim,
Could u direct to some resources about WS Security that possibly have
some examples related to Axis . I googled about security and
authorization in web services but there is just too much information and
it is kinda hard to select an approach to follow.
Thanks
-----Original Message-----
From: Jim Murphy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 2:53 PM
To: [EMAIL PROTECTED]
Subject: Re: Best Practice
Joe Plautz wrote:
Yes it was. It's something the carries application specific
information
as well as customer and user specific information. It's not great by
any
means, but it doesn't allow access either. But, by doing it this way,
I've tried to keep the services as more of one time shots. Not as
something that needs to be called over and over again in rapid
succession.
Vikas Phonsa wrote:
Hi Joe,
Thanks for your answer. Could you elaborate a little bit about the
authentication object? Was that part of the SOAP message?
Guys this is what WS-Security is for! The reason to use SOAP as a
framing protocol is to leverage orthogonal/cross-cutting features like
security, reliablity, trust, addressing in standard ways. Baking
security features into your application messages may be expedient but is
not the direction this industry is going in.
Jim
