Security and Authentication mechanism for webservices..?

Discussions

XML & Web services: Security and Authentication mechanism for webservices..?

  1. Hi Guys,

    Thanks for the previous help. Can anyone suggest a solution/mechanism to enforce security and authentication for published webservices?

    I have situation where an external system (of Business Partner) would like to request-services of webservices deployed via SOAP XML messaging. How could i authenticate the system requesting the service is our business partner system?

    Any suggestions welcome,

    thanks\
    RA
  2. For server-side security, Netegrity has a new product coming called TransactionMinder. It integrates with their SiteMinder product to authenticate Web Services against your company Policy Store.

    I believe that the client will embed security credentials in the SOAP messages using a new markup language called SAML. TransactionMinder interprets the SAML tags and data and performs the authentication.

    Can anyone add some other security models that are commonly used?

    - joe
  3. See this tutorial:

    https://www.theserverside.com/resources/article.jsp?l=Systinet-web-services-part-3