Wilfred, Thank you for the prompt reply. I hope to generate a healthy debate on the issue and see whether I am crossing the limits of interoperation.
Does SOAP, UDDI, WSDL in their present and proposed form attempt to address this issue about authentication? What are the best practices around this, supposing that one wants to maintain interoperation? One solution may be to maintain the underlying HTTP session (but that is something beyond the specs in WSDL) and again may break interop. Hope for guidance from experienced people in the list. Regards, Santosh -----Original Message----- From: Wilfred Springer [mailto:[EMAIL PROTECTED] Sent: Friday, June 20, 2003 9:31 AM To: [EMAIL PROTECTED] Subject: Re: Newbie question on Usage and design style > We are considering of introducing axis based web services, as an interop > solution for the interface into our product. We already have well > established Authentication and Authorisation services delivered via CORBA, I > wanted to utilise the same and introduce a concept of a token for every > successful user of our web services (still in the conceptualization phase). This smells like SAML. > > Some sites suggested of introducing SOAP Headers in the WSDL. Does AXIS > support this feature of a token in the request header. How do I access it in > an end point? Is it too much of a demand on web services? If your ultimate goal is interoperability, then you'd better steer clear from introducing proprietary headers. -- ________________________________________________________________ Wilfred Springer Phone : +31 (0)3 3451 5736 Java Architect Mobile : +31 (0)6 2295 7321 Sun Java Center Fax : +31 (0)3 3451 5734 Sun Microsystems Netherlands Mail : [EMAIL PROTECTED]
