Anne, We are planning for it.... http://nagoya.apache.org/wiki/apachewiki.cgi?SecurityProposal
You will see something next week (At least X509) Thanks, dims --- Anne Thomas Manes <[EMAIL PROTECTED]> wrote: > OASIS WS-Security defines a standard SOAP header for passing security > tokens. The spec isn't final, yet, but it's pretty close. You can use > WS-Security to pass any type of security token. The spec defines binding for > many different types of tokens, including SAML, Kerberos, X.509, XCBF, and > more. See http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss. > > Axis can support WS-Security headers, although I don't think anyone has > developed and contributed an Axis SOAP header processor for it. (Any > volunteers?) > > Anne > > ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, June 20, 2003 5:16 AM > Subject: RE: Newbie question on Usage and design style > > > > Wilfred, > > > > Thank you for the prompt reply. I hope to generate a healthy debate on the > > issue and see whether I am crossing the limits of interoperation. > > > > Does SOAP, UDDI, WSDL in their present and proposed form attempt to > address > > this issue about authentication? What are the best practices around this, > > supposing that one wants to maintain interoperation? One solution may be > to > > maintain the underlying HTTP session (but that is something beyond the > specs > > in WSDL) and again may break interop. > > > > Hope for guidance from experienced people in the list. > > > > Regards, > > > > Santosh > > > > -----Original Message----- > > From: Wilfred Springer [mailto:[EMAIL PROTECTED] > > Sent: Friday, June 20, 2003 9:31 AM > > To: [EMAIL PROTECTED] > > Subject: Re: Newbie question on Usage and design style > > > > > > > We are considering of introducing axis based web services, as an interop > > > solution for the interface into our product. We already have well > > > established Authentication and Authorisation services delivered via > CORBA, > > I > > > wanted to utilise the same and introduce a concept of a token for every > > > successful user of our web services (still in the conceptualization > > phase). > > > > This smells like SAML. > > > > > > > > Some sites suggested of introducing SOAP Headers in the WSDL. Does AXIS > > > support this feature of a token in the request header. How do I access > it > > in > > > an end point? Is it too much of a demand on web services? > > > > If your ultimate goal is interoperability, then you'd better steer clear > > from introducing proprietary headers. > > > > -- > > ________________________________________________________________ > > Wilfred Springer Phone : +31 (0)3 3451 5736 > > Java Architect Mobile : +31 (0)6 2295 7321 > > Sun Java Center Fax : +31 (0)3 3451 5734 > > Sun Microsystems Netherlands Mail : [EMAIL PROTECTED] > > > ===== Davanum Srinivas - http://webservices.apache.org/~dims/ __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com
