WS-Security

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

WS-Security

Antonio Faria Couto




Hi..

When the web service message passes through several routers how it works?! The
message must autenticate in all the routers?! Or should be created a secure
line that connecting the service invoker with the servide proveider?!

Best regards,
António Couto
--
DEI-ISEP (http://www.dei.isep.ipp.pt)



Reply | Threaded
Open this post in threaded view
|

Re: WS-Security

Eric Frost




Hi António,

It does not need to authenticate in the routers, the authentication is
encapsulated in
packet. The routers just transmit the packets. It is part of the magic of
TCP/IP.

Eric
http://www.mapelves.com
http://www.windychat.com

----- Original Message -----
From: "Antonio Faria Couto" <[hidden email]>
To: <[hidden email]>
Sent: Monday, January 07, 2008 2:15 PM
Subject: WS-Security

Hi..

When the web service message passes through several routers how it works?!
The
message must autenticate in all the routers?! Or should be created a secure
line that connecting the service invoker with the servide proveider?!

Best regards,
António Couto





Reply | Threaded
Open this post in threaded view
|

RE: WS-Security

Paul Cotton




Another alternative is to use "message level security" via a spec like WS-Security [1].

/paulc

[1] http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf

Paul Cotton, Microsoft Canada
17 Eleanor Drive, Ottawa, Ontario K2E 6A3
Tel: (425) 705-9596 Fax: (425) 936-7329


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Eric Frost
Sent: Monday, January 07, 2008 3:35 PM
To: Antonio Faria Couto; [hidden email]
Subject: Re: WS-Security





Hi António,

It does not need to authenticate in the routers, the authentication is
encapsulated in
packet. The routers just transmit the packets. It is part of the magic of
TCP/IP.

Eric
http://www.mapelves.com
http://www.windychat.com

----- Original Message -----
From: "Antonio Faria Couto" <[hidden email]>
To: <[hidden email]>
Sent: Monday, January 07, 2008 2:15 PM
Subject: WS-Security

Hi..

When the web service message passes through several routers how it works?!
The
message must autenticate in all the routers?! Or should be created a secure
line that connecting the service invoker with the servide proveider?!

Best regards,
António Couto







Reply | Threaded
Open this post in threaded view
|

Re: WS-Security

Anne Thomas Manes
In reply to this post by Eric Frost




Hi António,

If by "router" you mean a network router operating below layer 7, see
Eric's response below.

If by "router" you mean an intermediary that operates at the
application level (such as an XML gateway, ESB, or management proxy),
these intermediaries may or may not examine the WS-Security header in
the SOAP message depending on the policies that have been defined for
the intermediary. An intermediary may perform a variety of security
functions on behalf of the target endpoint, such as authentication,
authorization, auditing, credential mapping, and message validation
and filtering. The intermediary may add its credentials to the
WS-Security header. On the other hand, an intermediary may not examine
the message at all; it can simply route the message based on load or
using a round robin algorithm, or it might simply monitor the message
and collect statistics about the message traffic.

If you'd prefer to establish a secure line through which two endpoints
can exchange multiple messages without re-authenticating each time,
you should use WS-SecureConversation. An intermediary could be
configured to help establish the secure conversation, but once the
session is set up, the ensuing conversation will go directly between
the two endpoints with no intermediaries.

Anne

On Jan 7, 2008 3:34 PM, Eric Frost <[hidden email]> wrote:

>
>
>
>
> Hi António,
>
> It does not need to authenticate in the routers, the authentication is
> encapsulated in
> packet. The routers just transmit the packets. It is part of the magic of
> TCP/IP.
>
> Eric
> http://www.mapelves.com
> http://www.windychat.com
>
>
> ----- Original Message -----
> From: "Antonio Faria Couto" <[hidden email]>
> To: <[hidden email]>
> Sent: Monday, January 07, 2008 2:15 PM
> Subject: WS-Security
>
> Hi..
>
> When the web service message passes through several routers how it works?!
> The
> message must autenticate in all the routers?! Or should be created a secure
> line that connecting the service invoker with the servide proveider?!
>
> Best regards,
> António Couto
>
>
>
>
>
>