• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Using wsse, is there a dedicated tag for 'group' or 'role' ?

 
Sol Mayer-Orn
Ranch Hand
Posts: 311
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I'm new to the subject WebServices security.
Various tutorials mention that a SOAP message can carry username/password, using the tags < wsse:Username > , < wsse assword >.

I was wondering if the standard would allow me to send a group (or role), *instead* of username/password ?
I am going through an SSO system, so I don't need the password anymore (my systems trust each other). But I would like to send the user role, something like:

// dummy tag!
< wsse:role > admin ...

Thanks
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
WS-Security deals with authentication, which involves usernames and passwords, but not authorization, where roles would come into play.

But in any case the client does not get to say which roles it would like to be in; that's for the user database (or realm or directory or whatever you have) to decide on the backend.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic