The author writes:

> The knowledgeable reader despairs for a safe and effective approach,
> and indeed one does exist, as described in WS-SECURITY. The single
> troublesome detail preventing the widespread acceptance of this
> approach is that it is universally unimplemented in the target
> systems. Over time however, we do believe WS-SECURITY will be
> implemented by many enterprise systems and the situation will
> gradually improve. It will never be perfect, though, and security
> hacks like those I describe above will still be required if Service
> Layers are to be constructed.

The folks at Liberty Alliance and Internet 2 might have something to say about the "universal" lack of WS-SECURITY implementations.

If you are looking to a standards-based approach, you might like to check out my own article on the topic for ebizq:

http://www.ebizq.net/topics/systems_management/features/6249.html

--
All the best
Keith
http://keith.harrison-broninski.info

Gervas Douglas wrote:

><<Security is a very large topic for Service Layer implementers, and
>the scope is too broad for a short article like this one. So I'll
>just discuss the most obvious aspect of it – user authentication.
>
>If the Service Layer is to have great value, it needs to provide a
>homogeneous authentication approach. A typical goal would be to have
>authorization decisions somehow externalized so that the Service
>Layer could handle that automatically in the context of the
>universal authentication scheme.
>
>Unfortunately, what we normally see is a much more difficult
>situation. Legacy systems were built over a long period of time by
>people who did not know each other, who did not share common goals,
>who did not understand enterprise architecture, and to whom security
>was a last-minute add-on. As a result, the various authentication
>schemes that back-end systems implement are eclectic and thus hard
>to mold into a seamless whole, which is the goal of the service
>layer.
>
>Examples of legacy authentication approaches that we found included
>standard mainframe RACF or ACF, single-system userid/password
>repository and even one that used a "trusted IP". Trusted IP means
>that if your IP address is in their table, you can just come on in.>>
>
>You can find this at:
>
>http://www.ebizq.net/hot_topics/soa/features/6358.html
>
>Gervas
