• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Using wsse, is there a dedicated tag for 'group' or 'role' ?

 
Ranch Hand
Posts: 311
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I'm new to the subject WebServices security.
Various tutorials mention that a SOAP message can carry username/password, using the tags < wsse:Username > , < wsse assword >.

I was wondering if the standard would allow me to send a group (or role), *instead* of username/password ?
I am going through an SSO system, so I don't need the password anymore (my systems trust each other). But I would like to send the user role, something like:

// dummy tag!
< wsse:role > admin ...

Thanks
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
WS-Security deals with authentication, which involves usernames and passwords, but not authorization, where roles would come into play.

But in any case the client does not get to say which roles it would like to be in; that's for the user database (or realm or directory or whatever you have) to decide on the backend.
 
Where does a nanny get ground to air missles? Protect this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic