Security Question: Web Service using VPN

 
Greenhorn
Posts: 2
Hi,

I am planning to develop a web service available to our customers. Our customers are connected via VPN. The web service will be handling highly sensitive information.

Now I am wondering if I have to implement message level security in addition to VPN?!?

Many thanks in advance,
Sara
 
Author and all-around good cowpoke
Posts: 13078
If you have more than one customer on the VPN and you don't add WS-* security such as authentication, wouldn't you worry about customers being able to see other customer information?

Bill
 
Sara Bento
Greenhorn
Posts: 2
Thank you for your fast reply!!

I'm not sure…

In the following, a few more details: We have a central authentication/authorization system. One of our most important applications is integrated (applet) into many other in-house applications. When a user wants to open the applet, the application which integrates the applet calls the central authentication/authorization system to authenticate the user.

Now, the applet should be integrated into an application hosted by one of our customers. So our central authentication/authorization system should provide a web service. As I mentioned, all our customers are connected via VPN. And of course it is possible that other customers want to use the web service too…

Sorry if I have expressed myself in too complicated a way, and also for my poor English. I'm very new to all this stuff, but willing to learn :-)

Thank you very much in advance,
Sara
 
Ranch Hand
Posts: 426
Sara - what you need is something called RBAC (Role-based Access Control). This allows only the principals to see their own information and not the others.

http://en.wikipedia.org/wiki/Role-based_access_control
 