Venkata Krishnan wrote:
Hi,

Here's what I am intending to do for the secure-bigbank into which I have
copied over the existing calculator, stockquote and account demos into
secure-bigbank...

- The Calculator and StockQuote services need to exchange data that cannot
be tampered with since the AccountService heavily 'relies' on their
results.  So interaction with these two services should have 'integrity'.  I
don't think there is a need for authentication or confidentiality for the
interactions with these services.
- The AccountData service is right now accessed only by the AccountService.
I'd like to open this out and put in the following security constraints:
        - just keep authentication when accessed from the AccountService
locally, say over binding.sca
        - enforce authentication, confidentiality and integrity when accessed
from outside, say over binding.ws
- Finally the AccountService should enforce authentication, confidentiality
and integrity.

Does this sound ok ?

After an iteration with interaction policies, I'll start working on some
implementation policies.  For example having 'authorization' enforced on the
AccountDataService's operations.

Thanks

- Venkat


I took a look at secure-bigbank. It's a good start which helps understand how to use the policy framework, and triggers some questions:

- The accountDataService reference is bound to 8084, while the AccountDataService is bound to 8085? Aren't they supposed to be wired together?

- Why did you need two authentication and wsAuthentication intents? Is it because you needed different policy sets on the client and service side?

- Did you have to change the WS binding code to support your new user defined wsAuthentication intent?

- Is there a way to not repeat the core intents defined by the spec in all contributions?

- Where are the bindingType definitions listing the intents provided by the bindings?

- What are the security callback handlers responsible for?

Thanks
--
Jean-Sebastien
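
One way to check a composite against the intent plan in the first message, as an added example that is not code from secure-bigbank or from either poster. The composite below is constructed, the reference names calculatorService and stockQuoteService are hypothetical, and the check assumes intents declared on a service or reference also apply to its bindings.

```python
import xml.etree.ElementTree as ET

SCA = "{http://www.osoa.org/xmlns/sca/1.0}"
ALL = {"authentication", "confidentiality", "integrity"}

# Intents each (name, binding) must carry, from the plan above; "*" = any binding.
REQUIRED = {
    ("AccountService", "*"): ALL,
    ("AccountDataService", "binding.sca"): {"authentication"},
    ("AccountDataService", "binding.ws"): ALL,
    ("calculatorService", "*"): {"integrity"},   # hypothetical reference name
    ("stockQuoteService", "*"): {"integrity"},   # hypothetical reference name
}

# Constructed composite, trimmed to the attributes the check reads.
SAMPLE = """<composite xmlns="http://www.osoa.org/xmlns/sca/1.0" name="secure-bigbank">
  <service name="AccountService" requires="authentication confidentiality integrity">
    <binding.ws/>
  </service>
  <service name="AccountDataService" requires="authentication">
    <binding.sca/>
    <binding.ws requires="integrity"/>
  </service>
  <reference name="calculatorService"><binding.ws requires="integrity"/></reference>
  <reference name="stockQuoteService"><binding.ws/></reference>
</composite>"""

def intents(element):
    # A qualified intent such as "integrity.transport" satisfies "integrity".
    return {i.split(".")[0] for i in element.get("requires", "").split()}

def missing_intents(composite_xml, required=REQUIRED):
    """Return {(name, binding): [missing intents]} for bindings that fall short."""
    findings = {}
    for parent in ET.fromstring(composite_xml).iter():
        if parent.tag not in (SCA + "service", SCA + "reference"):
            continue
        name = parent.get("name")
        for child in parent:
            binding = child.tag.replace(SCA, "")
            if not binding.startswith("binding."):
                continue
            want = required.get((name, binding), required.get((name, "*"), set()))
            # Assumption: intents on the service/reference also apply to its bindings.
            gap = want - (intents(parent) | intents(child))
            if gap:
                findings[(name, binding)] = sorted(gap)
    return findings

if __name__ == "__main__":
    for (name, binding), gap in missing_intents(SAMPLE).items():
        print(f"{name} over {binding}: missing {', '.join(gap)}")
```

On the constructed composite this flags the externally exposed AccountDataService binding, which inherits authentication and adds integrity but never asks for confidentiality, and the stock quote reference, which declares no intent at all.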
