Multiple Policies from one Web Service ?
- From: "Howard Hoffman" <HowardH@xxxxxxxxxxxxxxxx>
- Date: Fri, 7 Jul 2006 15:55:22 -0400
I've a WSE3 WebService that, for a particular customer, will be used by two
types of clients -- one that is within the corporate firewall and one that
is outside the corporate firewall.
For the former, we use Kerberos Security, and the latter we are developing
toward UsernameForCertificate.
Is there anyway we could conceivably combine the two in a single web
service? I think this is the range of options we are looking at:
1) Two separate application installations; one uses KerberosSecurity policy,
one uses UsernameForCertificate policy.
2) Two separate web services within the one single application; one uses
KerberosSecurity policy; one uses UsernameForCertificate policy -- there is
a single wse3policyCache.config file for the application with 2 separate
<policy>elements. There is a single <extensions> element that contains both
the usernameForCertificateSecurity assertion and the kerberosSecurity
assertion.
3) Use UsernameForCertificate only, install the server's 509 certificate on
all clients.
The additional problem we have is that a released / deployed application
acts as our client for the 'within firewall' case, and it does not create
UsernameToken instances in its code -- it assumes Kerberos. We almost
certainly cannot re-release / re-deploy that application in time for our
need.
Thanks in advance,
Howard Hoffman
.
- Follow-Ups:
- RE: Multiple Policies from one Web Service ?
- From: Steven Cheng[MSFT]
- RE: Multiple Policies from one Web Service ?
- Prev by Date: Re: Avoiding data theft
- Next by Date: Web Services, Security, X.509
- Previous by thread: WS-Addressing and Load Balancing Appliance Issues
- Next by thread: RE: Multiple Policies from one Web Service ?
- Index(es):
Relevant Pages
|
