Ask the Expert

SOA and entry points

How does SOA affect single sign-on? Are there things we need to be doing at the directory level? What types of tokens and credentials work best in an SOA?

    Requires Free Membership to View

Most organizations will have at least two entry points to the organization - browser/portal interfaces and web services. The same sets of identities, SSO, federated identity attributes access control and other policies need to be applied in a consistent fashion across both these technologies. Leveraging deployed IAM technologies including directories for Web Services is a fundamental requirement.

In most architectures, the presentation and user interface handling (including challenge response protocols for authentication and SSO) will be handled by a portal. Different user credential schemes have been deployed over the years including passwords, tokens, smart cards, X.509 certificates and many others. To reduce complexity and improve performance, reduction of the number of credential types used within a web services framework is highly desirable. To that end, either SAML or Kerberos tickets are the most likely contenders. The advantage of SAML as the choice for this "single" token type is that it is extremely flexible and offers the opportunity to provide secondary authentication support by carrying the appropriate credentials necessary to interact with the legacy systems that Web Services must integrate with at some point.

This was first published in April 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: