>
> -----Original Message-----
> From: Chiusano Joseph [mailto:chiusano_joseph@bah.com]
> Sent: Wednesday, May 07, 2003 10:06 AM
> To: Rich Salz
> Cc: xml-dev@lists.xml.org
>
> <Quote>
> User1 authenticates to A and "delegates" its rights so that A
> can present its rights, and the delegated User1 rights to B.
> </Quote>
>
> That works well from the perspective of A (the sender side)
> because it asserts that A has the proper claims to access B
> (this appears to me to be more of a "push" method). But what
> if B does not consider A to be a valid user? How can B enforce this?
>
> Also, what about a more granular level, such as at a WSDL
> Operation or Message level?
Take a look at the WS-Security specs from IBM, Microsoft, et al. I believe
they cover your scenario fairly well. In particular, look at the WS-Trust
spec:
http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnglobspec/html/ws-trust.asp