Thanks for the previous help. Can anyone suggest a solution/mechanism to enforce security and authentication for published webservices?
I have situation where an external system (of Business Partner) would like to request-services of webservices deployed via SOAP XML messaging. How could i authenticate the system requesting the service is our business partner system?
Any suggestions welcome,
For server-side security, Netegrity has a new product coming called TransactionMinder. It integrates with their SiteMinder product to authenticate Web Services against your company Policy Store.
I believe that the client will embed security credentials in the SOAP messages using a new markup language called SAML. TransactionMinder interprets the SAML tags and data and performs the authentication.
Can anyone add some other security models that are commonly used?