InterviewSolution
1. If a client connects to a web service, how do we identify the user? Is the user authorized to use the service?
Answer» The following options can be considered, but there is no clear consensus on a strong authentication scheme. HTTP includes built-in support for Basic and Digest authentication, so services can be protected in much the same manner as HTML documents are currently protected. SOAP Digital Signature (SOAP-DSIG) leverages public key cryptography to digitally sign SOAP messages, which enables the client or server to validate the identity of the other party; see http://www.w3.org/TR/SOAP-dsig. The Organization for the Advancement of Structured Information Standards (OASIS) is working on the Security Assertion Markup Language (SAML).