0 votes
33 views
in Education by (51.6k points)

If a client connects to a web service, how do we identify the user? Is the user authorized to use the service?

1 Answer

0 votes
by (51.6k points)

If a client connects to a web service, how do we identify the user? Is the user authorized to use the service?

The following options can be considered but there is no clear consensus on a strong authentication scheme.

HTTP includes built-in support for Basic and Digest authentication, and services can therefore be protected in much the same manner as HTML documents are currently protected.

SOAP Digital Signature (SOAP-DSIG) leverages public key cryptography to digitally sign SOAP messages. It enables the client or server to validate the identity of the other party. Check it at http://www.w3.org/TR/SOAP-dsig.

The Organization for the Advancement of Structured Information Standards (OASIS) is working on the Security Assertion Markup Language (SAML).

Related questions

0 votes
1 answer 6 views
0 votes
1 answer 34 views
0 votes
1 answer 19 views
0 votes
1 answer 35 views
0 votes
1 answer 44 views
0 votes
1 answer 13 views
0 votes
1 answer 48 views
0 votes
1 answer 24 views
0 votes
1 answer 3 views
0 votes
1 answer 24 views
0 votes
1 answer 28 views
...