Authentication and Authorization

Web services can use the same types of authentication that are commonly used with web applications, such as usernames, passwords, hardware and software tokens, and digital certificates. However, the type of authentication that should be implemented within a web service depends greatly on how the web service is accessed, by whom, and on the system's architectural design. Because web services are often accessed by other web services or by other applications, authentication mechanisms similar to tokens are often infeasible: they require a different password to be typed in manually for each authentication request.

Web services often implement Single Sign-On (SSO) across multiple web services in order to extend their applications' functionality seamlessly. This can be implemented via the Security Assertion Markup Language (SAML) (http://www.oasis-open.org/committees/security/), which allows a web service to make assertions regarding the authentication and authorization of a user to partner web services, whether that user is another web service or a human.

After successful authentication, authorization needs to be implemented to ensure that the user of the web service has access only to authorized functions and data. This can be implemented within a web service via the eXtensible Access Control Markup Language (XACML) standard (http://www.oasis-open.org/committees/xacml/).
