Phil is right! I observe the same thing: the frond-end is RESTful; the
back-end is mixed. Personally, I think it would be good for OAuth to be
deployed as wide as possible. (The SAML/OAuth ideas I think are
working the same problem.)
Igor
On 3/19/2012 9:23 AM, Phil Hunt wrote:
There's going to be a lot of mixed environments for some time. Particularly an
issue at the boundaries between classic soap services and new restful services.
Phil
On 2012-03-19, at 0:05, Hannes Tschofenig<hannes.tschofe...@gmx.net> wrote:
Hi Grant,
IMHO the main reason why the OAuth specification does not standardize OAuth
usage specially for SOAP is because most people by now realized that SOAP, as
another layer of encapsulation, does not add a lot of value.
Ciao
Hannes
On Mar 19, 2012, at 6:15 AM, Grant Yang wrote:
Thank you very much Phil!
The thing is, the Oauth spec just mentioned putting the Access Token into HTTP
header “Authorization”. I don’t think it applies to SOAP as this header is not
visible from SOAP stack perspective.
So, when we talking about the soap header, are we talking about the header used
by WS-Security? Could you please be kindly providing me one example on putting
the Access Token into SOAP header and let me know which product is currently
using this mechanism?
Thanks a lot,
Grant.
From: Phil Hunt
Sent: Thursday, March 15, 2012 11:53 PM
To: Grant Yang
Subject: Re: [OAUTH-WG] Using Oauth2 token to SOAP web services
Grant,
You put it in the soap header of course in the same spot as any other
credential. :-)
Phil
@independentid
www.independentid.com
phil.h...@oracle.com
On 2012-03-14, at 10:41 PM, Grant Yang wrote:
Hi all,
We were discussing the possibility to use Oauth2 token on SOAP in our product.
The preferred way in mentioned in RFC is of course to put it to HTTP
Authorization header, but in this case it will beyond the scope of SOAP stack
and I am not sure it shall be the correct way to go. It is also recognized that
there is some implementation (such as salesforce) is using some SOAP header
(“sessionId”) to put this token, but it looks like a private implementation and
I did not find any specification supporting it.
Could any experts here illustrate any organization or forum is working on using
Oauth2 token for SOAP request? As there are quite some legacy SOAP based web
services, hopefully it is a question makes sense for you as well.
Thoughts?
Grant Yang
Architect, SDP of ORACLE Communications
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
