On Fri, Aug 10, 2012 at 1:46 PM, Raymond Feng <[email protected]> wrote:
> The other option is to protect Tuscany services using a framework like
> OAuth 2.0. Tuscany allows you to expose services to HTTP, such as json-rpc
> or REST to become web apis. Adding a security layer in front of the web
> apis should help.

Agree, and OAuth would provide you a better granularity for what applications and users can do. But in this case, where everything seems to be in an intranet, he would still have to add some kind of firewall to prevent any access that is not being authorized/proxied by the OAuth layer, otherwise internal machines could still try to access the service endpoints directly.

--
Luciano Resende
http://people.apache.org/~lresende
http://twitter.com/lresende1975
http://lresende.blogspot.com/
