2 questions about SOA security
2008-11-22 17:41
267 查看
I am thinking about a few questions recently.
maybe those questions are common questions when implementing SOA security.
Q1: how to implement an SSO(browser based) solution for heterogeneous web servers?
WebLogic v9 and v10 support SAML, and according to v10 document, WebLogic v10 supports SSO with Mircosoft client and HTTP client. I have not tested yet. I just think if the user's server is tomcat or jboss or websphere or what ever.
There are some solutions, but they are complex.
I decide to try to design a simple solution for browser based SSO, using open source.
maybe this will cost me one or two months.
Q2: how to implement web services SSO?
For a typical SOA environment, a user will face many web services distributed in many systems. if user zhangsan login into system a, he wants to call the workflow service in system b and then he wants to call the hr service in system c. In this scenario each service checks user identity. So how system a passes user zhangsan identity to system b and c.
SAML 2.0 provides a solution for non-browser client SSO, but I haven't seen an implementation.
I will try to work out this question in few months.
maybe those questions are common questions when implementing SOA security.
Q1: how to implement an SSO(browser based) solution for heterogeneous web servers?
WebLogic v9 and v10 support SAML, and according to v10 document, WebLogic v10 supports SSO with Mircosoft client and HTTP client. I have not tested yet. I just think if the user's server is tomcat or jboss or websphere or what ever.
There are some solutions, but they are complex.
I decide to try to design a simple solution for browser based SSO, using open source.
maybe this will cost me one or two months.
Q2: how to implement web services SSO?
For a typical SOA environment, a user will face many web services distributed in many systems. if user zhangsan login into system a, he wants to call the workflow service in system b and then he wants to call the hr service in system c. In this scenario each service checks user identity. So how system a passes user zhangsan identity to system b and c.
SAML 2.0 provides a solution for non-browser client SSO, but I haven't seen an implementation.
I will try to work out this question in few months.
相关文章推荐
- 关于ext.grids常见问题(Frequently asked questions about grids):
- Some questions about ambient noise
- Please open the about:config page and disable the "security.fileuri.strict_origin_policy" option
- Best questions about python at stackoverflow in 2016
- About Spring Security Framework(maybe updated continuously...)
- Top 10 questions about InfoPath attachments
- Two Interview questions! about event and Observer mode
- Answers to some common problems and questions about Xen
- Top 9 questions about Java Maps (关于java map集合的前九个问题)
- 2 articles about mobile security
- Some questions about RT-preempt
- Top 10 Questions about Java Exceptions--reference
- Questions about purchasing
- Open Source and SOA, ESB and Security
- Sth about java security
- SharePoint 2013 - REST API about Security
- Top 10 questions about Java Collections--reference
- Questions about accounting
- About Software Security(关于软件安全)
- [转]About the security content of iOS 8