I'm running into a few similar issues and curious what the most knowledgeable minds in the group have to say.
My understanding at this point says that Cairngorm gives you the service locator and other framework aspects you're seeking, but Flex Data Services is really where the best security solutions lie at this point. Creating a named proxy service destination in FDS that is referenced in your service on the client side. The actual WS URL is not exposed for decompilation risk, and your crossdomain.xml would doubly ensure only the clients / environments you intend access. Jamie --- In [email protected], Sebastian Zarzycki <[EMAIL PROTECTED]> wrote: > > What kind of standards does Flex2 web services implementation support? > Which version of Soap, any WS- Standards? > > I'm trying to solve basic problem of securing access to my webservice on > server. I would like to use WS-Security standard, > but I'm afraid, there's no way for Flex to send proper request? Simple > webservice support in Flex may be not enough in the future... > Is this a matter of just writing some additional AS3 classes to extend > WS, or the internal flash/flex design? > > How to solve such problem then? What is your solution? Most obvious one > that comes to my mind is to ask server for login, > server generates token for client, and client uses his token. But this > means that I have to add this token parameter to *every* > webservice method. This is not acceptable, as I want (in fact, my > customer wants) my services to be free of such things. Authorization > should be transparent (but flexible). Then again I could have one big > thing, ServiceLocator or something like that, so that > every client request will point to this one (so authorization is in one > place), with real service name as parameter. This is even > harder to implement. > > So, any ideas? > > -- > | Sebastian Zarzycki / rat[tkin] >
