There's going to be a lot of mixed environments for some time. Particularly an issue at the boundaries between classic soap services and new restful services.
Phil On 2012-03-19, at 0:05, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote: > Hi Grant, > > IMHO the main reason why the OAuth specification does not standardize OAuth > usage specially for SOAP is because most people by now realized that SOAP, as > another layer of encapsulation, does not add a lot of value. > > Ciao > Hannes > > On Mar 19, 2012, at 6:15 AM, Grant Yang wrote: > >> Thank you very much Phil! >> >> The thing is, the Oauth spec just mentioned putting the Access Token into >> HTTP header “Authorization”. I don’t think it applies to SOAP as this header >> is not visible from SOAP stack perspective. >> >> So, when we talking about the soap header, are we talking about the header >> used by WS-Security? Could you please be kindly providing me one example on >> putting the Access Token into SOAP header and let me know which product is >> currently using this mechanism? >> >> Thanks a lot, >> Grant. >> >> From: Phil Hunt >> Sent: Thursday, March 15, 2012 11:53 PM >> To: Grant Yang >> Subject: Re: [OAUTH-WG] Using Oauth2 token to SOAP web services >> >> Grant, >> >> You put it in the soap header of course in the same spot as any other >> credential. :-) >> >> Phil >> >> @independentid >> www.independentid.com >> phil.h...@oracle.com >> >> >> >> >> >> On 2012-03-14, at 10:41 PM, Grant Yang wrote: >> >> >> Hi all, >> >> We were discussing the possibility to use Oauth2 token on SOAP in our >> product. >> >> The preferred way in mentioned in RFC is of course to put it to HTTP >> Authorization header, but in this case it will beyond the scope of SOAP >> stack and I am not sure it shall be the correct way to go. It is also >> recognized that there is some implementation (such as salesforce) is using >> some SOAP header (“sessionId”) to put this token, but it looks like a >> private implementation and I did not find any specification supporting it. >> >> Could any experts here illustrate any organization or forum is working on >> using Oauth2 token for SOAP request? As there are quite some legacy SOAP >> based web services, hopefully it is a question makes sense for you as well. >> >> Thoughts? >> >> Grant Yang >> Architect, SDP of ORACLE Communications >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth