Hi Grant, did you consider to use the binary security token feature of WS-Security?
http://schemas.xmlsoap.org/specs/ws-security/ws-security.htm#ws-security__toc6201554 We use it for some services. regards, Torsten. Guang Yang <guang.g.y...@oracle.com> schrieb: Thank you. Actually I am looking for a standard spec defines how to put the access token in soap request. I know several vendors in the industry have their solution of it but none of them is following a public standardization. So could you please do me a favor on letting me know how your product does for soap? Appreciate for your help. To the community, according recent emails back and force looks like we agree that it makes sense to have oauth enabled for soap, but nobody is giving a suggestion how to do it except using saml. I will appreciate to hear more suggestions before choosing a private way of my organization. Thanks a lot, Grant. Oracle Communications, SDP On Mar 28, 2012, at 4:38 AM, Jay Thorne <jtho...@layer7tech.com> wrote: http://www.layer7tech.com/ http://www.layer7tech.com/products/oauth-toolkit Yes, we can work with OAuth2 in SOAP context. Let me know if you want to hear more about it. -- Jay Thorne, Director of Development, Tactical Group Layer 7 Technologies t: 778 329 9974 c:604 836 7257 From: Chris Dryden Sent: Tuesday, March 27, 2012 1:04 PM To: Jay Thorne Subject: FW: [OAUTH-WG] Using Oauth2 token to SOAP web services Jay, this message was posted to the OAuth working group today. I have seen someone else asking for the same thing -- OAuth tokens in a SOAP context. This seems like our area of expertise, doesn't it? From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Grant Yang Sent: Wednesday, March 14, 2012 10:41 PM To: oauth@ietf.org Subject: [OAUTH-WG] Using Oauth2 token to SOAP web services Hi all, We were discussing the possibility to use Oauth2 token on SOAP in our product. The preferred way in mentioned in RFC is of course to put it to HTTP Authorization header, but in this case it will beyond the scope of SOAP stack and I am not sure it shall be the correct way to go. It is also recognized that there is some implementation (such as salesforce) is using some SOAP header (“sessionId”) to put this token, but it looks like a private implementation and I did not find any specification supporting it. Could any experts here illustrate any organization or forum is working on using Oauth2 token for SOAP request? As there are quite some legacy SOAP based web services, hopefully it is a question makes sense for you as well. Thoughts? Grant Yang Architect, SDP of ORACLE Communications _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth