On 18/09/10 12:52, Sanchit wrote: > I am developing a web-services based project which is supposed to use > SAML as security token for communication with a centralized server... > The centralized server maintains the roles& policies associated with > other entities in the ecosystem. The centralized server is not shared > with us yet, I only have specification that it will maintain roles& > policies and expose its REST based APIs ... One doubt that I have is > if Restlet& SAML can alone be used in the centralized server to > implement Roles& Policies or if Roles& Policies will necessarily be > implemented using a LDAP server .. Please give your valuable > suggestion , Thanking everyone in anticipation >
It's not really clear to me whether it's your (presumably Restlet-based) web-service you're trying to secure (and have it exchange SAML with the centralized server you don't control to get the roles and policies) or if you're wondering whether you can send SAML to and from the centralized server (which might be Restlet-based?). Both should be possible in principle. Are you using any specific SAML bindings or SAML implementation? Best wishes, Bruno. ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2663337
