0 votes
23 views

If a client connects to a web service, how do we identify the user? Is the user authorized to use the service?

in Education by (51.6k points)

1 Answer

0 votes

If a client connects to a web service, how do we identify the user? Is the user authorized to use the service?

The following options can be considered but there is no clear consensus on a strong authentication scheme.

HTTP includes built-in support for Basic and Digest authentication, and services can therefore be protected in much the same manner as HTML documents are currently protected.

SOAP Digital Signature (SOAP-DSIG) leverages public key cryptography to digitally sign SOAP messages. It enables the client or server to validate the identity of the other party. Check it at http://www.w3.org/TR/SOAP-dsig.

The Organization for the Advancement of Structured Information Standards (OASIS) is working on the Security Assertion Markup Language (SAML).

by (51.6k points)

Related questions

0 votes
1 answer 20 views
0 votes
1 answer 13 views
0 votes
1 answer 19 views
0 votes
1 answer 29 views
0 votes
1 answer 28 views
0 votes
1 answer 12 views
12 views asked Nov 7, 2020 in Education by Editorial Staff (51.6k points)
0 votes
1 answer 22 views
0 votes
1 answer 27 views
0 votes
1 answer 18 views
0 votes
1 answer 19 views
0 votes
1 answer 78 views
0 votes
1 answer 19 views
...