Q

SOA and entry points

Web services security expert Andrew Nash discusses SOA and the security of entry points.

How does SOA affect single sign-on? Are there things we need to be doing at the directory level? What types of tokens and credentials work best in an SOA?

Most organizations will have at least two entry points to the organization - browser/portal interfaces and web services. The same sets of identities, SSO, federated identity attributes, access control and other policies need to be applied in a consistent fashion across both these technologies. Leveraging deployed IAM technologies, including directories, for Web Services is a fundamental requirement.

In most architectures, the presentation and user interface handling (including challenge-response protocols for authentication and SSO) will be handled by a portal. Different user credential schemes have been deployed over the years, including passwords, tokens, smart cards, X.509 certificates and many others. To reduce complexity and improve performance, reduction of the number of credential types used within a web services framework is highly desirable. To that end, either SAML or Kerberos tickets are the most likely contenders. The advantage of SAML as the choice for this "single" token type is that it is extremely flexible and offers the opportunity to provide secondary authentication support by carrying the appropriate credentials necessary to interact with the legacy systems that Web Services must integrate with at some point.

This was first published in April 2006
