On Thu, Jul 10, 2008 at 1:08 AM, yannick guionnet < [EMAIL PROTECTED]> wrote:
> Could someone tells me how is managed, inside ODE, security token when a > BPEL process > is invoked through WebService with authentication, or at the other side > what > is required by ode about security propagation when invoking process through > WS ? There's no code in Ode to do this right now. Current solutions (e.g. Tempo) rely on the process and/or external services to do these checks by passing the token in message payload. > At the management API I don't see any constrainst on role or security, > could we acess this api without authentication ? Correct; at the moment the PM API is not secured from inside Ode. alex
