Focal Point Banner
Community Center Education Summit Technical Support User Groups
Let's Get Social!

Facebook Twitter LinkedIn YouTube
Focal Point    Focal Point Forums  Hop To Forum Categories  iWay Software Product Forum on Focal Point    Implementing Security against Web Services in iWay
Go
New
Search
Notify
Tools
Reply
  
Implementing Security against Web Services in iWay
 Login/Join
 
Member
posted
We are currently deploying our first web services which the business will be able to use in iWay.

Some of these require security. We need to know who is calling the web service from within the firewall. We basically want to control which users can call specific methods within web services. We also want to audit who has called a specific web service since the data passed to us will be loaded in a database.

If we were in .NET, we could probably use the web.config and define who has access but of course this is not the case within such a platform. Of course, we want to avoid developing .NET code and that is why we are using such a platform.

How is this done in an SOA/ESB world? How is security handled? We would like to use Active Directory has much as possible but this might not be the best solution (we are a Windows shop). Does anybody have examples?

Please help

Pascal Couture


WebFOCUS 7.6
Windows, All Outputs
 
Posts: 3 | Registered: August 17, 2010Reply With QuoteReport This Post
Member
posted Hide Post
Pascal,

Maybe to get started, take a look at iWay Business Services Provider User's Guide - Using Web Services Policy-Based Security . So you can apply different policies to services/methods according to defined users and groups.

Br,
Rivo


iSM 6.0
iDM 7.6.5 - 7702
WF 7.6.4 - 7702

All output formats
 
Posts: 23 | Location: Tallinn, Estonia | Registered: July 31, 2009Reply With QuoteReport This Post
Member
posted Hide Post
Hi,

Thank you for your answer... This is an interesting start but having to recreate users and maintain them a side form our Active Directory kinds of defeats the purpose of all our network policies... Plus, having users passing a clear text password is not something we really want...

A combination of this and SSL might sadly be our solution though and we will definitely look into it...

Any other way? Has anybody used a security tokens approach or anything?

Pascal


WebFOCUS 7.6
Windows, All Outputs
 
Posts: 3 | Registered: August 17, 2010Reply With QuoteReport This Post
  Powered by Social Strata  
 

Focal Point    Focal Point Forums  Hop To Forum Categories  iWay Software Product Forum on Focal Point    Implementing Security against Web Services in iWay

Copyright © 1996-2018 Information Builders, leaders in enterprise business intelligence.