<<Security is a very large topic for Service Layer implementers, and the scope is too broad for a short article like this one. So I'll just discuss the most obvious aspect of it: user authentication.
If the Service Layer is to have great value, it needs to provide a homogeneous authentication approach. A typical goal would be to have authorization decisions somehow externalized so that the Service Layer could handle that automatically in the context of the universal authentication scheme. Unfortunately, what we normally see is a much more difficult situation. Legacy systems were built over a long period of time by people who did not know each other, who did not share common goals, who did not understand enterprise architecture, and to whom security was a last-minute add-on. As a result, the various authentication schemes that back-end systems implement are eclectic and thus hard to mold into a seamless whole, which is the goal of the service layer. Examples of legacy authentication approaches that we found included standard mainframe RACF or ACF, single-system userid/password repository and even one that used a "trusted IP". Trusted IP means that if your IP address is in their table, you can just come on in.>>

You can find this at: http://www.ebizq.net/hot_topics/soa/features/6358.html

Gervas
