posted 18 years ago
Hi all
I am implementing security for web services for my academic project. The requirement is for many clients to access the three methods of the web service, based on their authorization. I mean the authorization should be at the method level; the client can access it only if it is authorized to.
My design is to implement XML encryption for message confidentiality, XML signature for message integrity and non-repudiation, and SAML tokens for authentication and authorization. I could implement all these using wss4j.
I chose SAML tokens over other tokens like UsernameTokens, supposing that I could also implement method-level access control using SAML. Am I right?
I would like to know if I am going in the right direction with my design. Does my design address all the security issues in my requirement, or will I need to implement XKMS and XACML too?
Thanks
Vignesh.