Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  iWay Software Product Forum on Focal Point    Implementing Security against Web Services in iWay

Read-Only Read-Only Topic
Go
Search
Notify
Tools
Implementing Security against Web Services in iWay
 Login/Join
 
Member
posted
We are currently deploying our first web services which the business will be able to use in iWay.

Some of these require security. We need to know who is calling the web service from within the firewall. We basically want to control which users can call specific methods within web services. We also want to audit who has called a specific web service since the data passed to us will be loaded in a database.

If we were in .NET, we could probably use the web.config and define who has access but of course this is not the case within such a platform. Of course, we want to avoid developing .NET code and that is why we are using such a platform.

How is this done in an SOA/ESB world? How is security handled? We would like to use Active Directory has much as possible but this might not be the best solution (we are a Windows shop). Does anybody have examples?

Please help

Pascal Couture


WebFOCUS 7.6
Windows, All Outputs
 
Posts: 3 | Registered: August 17, 2010Report This Post
Member
posted Hide Post
Pascal,

Maybe to get started, take a look at iWay Business Services Provider User's Guide - Using Web Services Policy-Based Security . So you can apply different policies to services/methods according to defined users and groups.

Br,
Rivo


iSM 6.0
iDM 7.6.5 - 7702
WF 7.6.4 - 7702

All output formats
 
Posts: 23 | Location: Tallinn, Estonia | Registered: July 31, 2009Report This Post
Member
posted Hide Post
Hi,

Thank you for your answer... This is an interesting start but having to recreate users and maintain them a side form our Active Directory kinds of defeats the purpose of all our network policies... Plus, having users passing a clear text password is not something we really want...

A combination of this and SSL might sadly be our solution though and we will definitely look into it...

Any other way? Has anybody used a security tokens approach or anything?

Pascal


WebFOCUS 7.6
Windows, All Outputs
 
Posts: 3 | Registered: August 17, 2010Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  iWay Software Product Forum on Focal Point    Implementing Security against Web Services in iWay

Copyright © 1996-2020 Information Builders