I recently searched for some of the best ways to authenticate the web service calls (REST, SOAP or whatever) I am doing.
Some talk about SSL and HTTP Basic Authentication (login/password), which seems strange for a machine (I mean, a login/password for a machine, or is it not?).
Some others say API keys (it seems that this scheme is used for tracking and not for security).
Some people say tokens (like a session ID), but shouldn't we stay stateless (especially in the REST style)?
In my use case, when a remote app is calling one of our web services, I must authenticate the calling app explicitly, and the call must let me know which user it impersonates, so I can deal with authorization later.
Any thoughts?
So, you have user -> client server -> your server, yes?
You need to authenticate client server -> your server, to ensure that no one else can talk to your server.
If this is an established trust relationship (i.e. you chat with people, sign documents, and do other things out of band), then you can just use SSL certs that you sign.
Basically, you set up your own certificate authority, create a root certificate, and then create client certificates signed by that root certificate.
Then you put that certificate on the client server, and you do not allow connections from anyone who does not have a certificate signed by your root certificate.
If the client ever ends their relationship, then you can revoke their certificate and they '
As for identifying the user, that will need to be part of the API. The client should authenticate them properly, and then send you any credentials you need.
This may be a first-class part of your web service (like a parameter), or, if you use SOAP, it could be passed with a SAML attachment in the SOAP header, which you can then extract.
There are about 8000 ways to do WS-Security for SOAP web services, as you have found.
So, the how depends on what you want to do and on other requirements, but whatever you have should work peachy.
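The private CA workflow described in this answer, as an added example that is not part of the original post: it uses the openssl command line to create a root, issue client certificates, revoke one, and make the accept/reject decision a server would make. All CNs, file names and function names are constructed for illustration.

```shell
# Added example: private root CA gating which client servers may connect.
# CNs, file names and function names are constructed for illustration.
ca_cmd() {  # ca_cmd DIR ARGS...: run "openssl ca" as the root stored in DIR
  d=$1; shift
  openssl ca -config "$d/ca.cnf" -keyfile "$d/ca.key" -cert "$d/ca.crt" "$@" 2>/dev/null
}

make_ca() {  # make_ca DIR: root key, self-signed root cert, empty CRL
  mkdir -p "$1" && : > "$1/index.txt" || return 1
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = myca
[myca]
database = $1/index.txt
default_md = sha256
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$1/ca.cnf" \
    -subj "/CN=Example Root CA" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    ca_cmd "$1" -gencrl -crldays 30 -out "$1/ca.crl"
}

issue_client() {  # issue_client DIR NAME: client key + CSR, signed by the root
  openssl req -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
      -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

revoke_client() {  # revoke_client DIR NAME: revoke the cert, publish a new CRL
  ca_cmd "$1" -revoke "$1/$2.crt" && ca_cmd "$1" -gencrl -crldays 30 -out "$1/ca.crl"
}

client_allowed() {  # client_allowed DIR CERT: chains to our root and is not revoked
  openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/ca.crl" "$2" 2>/dev/null |
    grep -q ': OK'
}

# Demo with constructed partner names: partner-b is revoked after issuance.
tmp=$(mktemp -d) && make_ca "$tmp" && issue_client "$tmp" partner-a &&
  issue_client "$tmp" partner-b && revoke_client "$tmp" partner-b
for c in partner-a partner-b; do
  client_allowed "$tmp" "$tmp/$c.crt" && echo "$c: allowed" || echo "$c: rejected"
done
```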