Hello,
I don't know if it is the correct mailing list to post this question
and I don't know if it is fully in topic.
I am running an axis2 web service, an STS, and I am using
a custom token issuer, with a custom ws-trust implementation,
for using OCSP, CRLs, custom token management and so on.
I'm also running an axis2 client.
Everything works fine, using a simple two-message model
RST and RSTR: tokens are correctly exchanged, without any
problems.
I use that definition: a service it is just a typed interface
for a resource.
Now, what I'm missing is: what happens if someone requests a token
that needs a negotiation? Or how an SCT could be created?
IMHO, this is a state between services, but how can I implement it?
Of course, I cannot use HTTPSession (I cannot suppose to use
HTTP), REST (I cannot suppose that clients or other STS are able to
understand REST) and I cannot use the proprietor axis2 state
management, since clients and STS could be Jax-ws, .net and so on and
solutions are always vendor-specific.
What readings do you suggest? Managing states across web service
with the prior definition seems to be unclear for me.
Thanks,
Massimiliano
