You are viewing a plain text version of this content. The canonical link for it is here.
Posted to soap-user@ws.apache.org by Alexander Schatten <al...@gmx.net> on 2001/04/17 00:20:53 UTC
Authentication for SOAP Services?
I guess I basically understand the Apache SOAP implementation, but I
have a problem with authentication. I guess this should be a basic
feature of a web service environment, no?
My problem is, that I want to provide adminitrative services using
Apache SOAP running in Enhydra App server, but these services obviously
are not free, but need some authentification? how should I implement
this?
any comments?
thank you
alex
---------------------------------------------------------------------
To unsubscribe, e-mail: soap-user-unsubscribe@xml.apache.org
For additional commands, email: soap-user-help@xml.apache.org
Re: Authentication for SOAP Services?
Posted by Abid Farooqui <fa...@tampabay.rr.com>.
Alex,
If you can use SSL version 3 which allows server to authenticate the client
as well as client to authenticate the server based on X.509 certificates on
both sides. This does mean that both the client side and the server side
need to be using X.509 certificates. Client side certificates run about $20
a piece depending on which CA (certificate authority) you use or you can
decide to implement a full PKI in house in which case you would be your own
CA and would run a certificate server like Windows 2000 certificate server
(comes bundled with W2K server). This would allow you to skip the $20
payment to a commercial CA. Some SSL webservers like IIS provide the
facility to map a "client certificate" to a domain or local user and thus
whenever this certificate is presented the client gets the same privilages
as the local or domain user. iPlanet also provides such facility but it uses
an external LDAP server to accomplish this.
It is very hard to break dertificate based authentication. If you are
serious about protecting your data against spoofing, data integrity or
prying eyes attack this really is the only solid industry standard way to go
for any mission critical application.
Hope this helps.
Sincerely,
Abid Farooqui
----- Original Message -----
From: "Alexander Schatten" <al...@gmx.net>
To: <so...@xml.apache.org>
Sent: Monday, April 16, 2001 6:20 PM
Subject: Authentication for SOAP Services?
> I guess I basically understand the Apache SOAP implementation, but I
> have a problem with authentication. I guess this should be a basic
> feature of a web service environment, no?
>
> My problem is, that I want to provide adminitrative services using
> Apache SOAP running in Enhydra App server, but these services obviously
> are not free, but need some authentification? how should I implement
> this?
>
>
> any comments?
>
>
> thank you
>
>
> alex
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: soap-user-unsubscribe@xml.apache.org
> For additional commands, email: soap-user-help@xml.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: soap-user-unsubscribe@xml.apache.org
For additional commands, email: soap-user-help@xml.apache.org
Re: Authentication for SOAP Services?
Posted by Abid Farooqui <fa...@tampabay.rr.com>.
Alex,
If you can use SSL version 3 which allows server to authenticate the client
as well as client to authenticate the server based on X.509 certificates on
both sides. This does mean that both the client side and the server side
need to be using X.509 certificates. Client side certificates run about $20
a piece depending on which CA (certificate authority) you use or you can
decide to implement a full PKI in house in which case you would be your own
CA and would run a certificate server like Windows 2000 certificate server
(comes bundled with W2K server). This would allow you to skip the $20
payment to a commercial CA. Some SSL webservers like IIS provide the
facility to map a "client certificate" to a domain or local user and thus
whenever this certificate is presented the client gets the same privilages
as the local or domain user. iPlanet also provides such facility but it uses
an external LDAP server to accomplish this.
It is very hard to break dertificate based authentication. If you are
serious about protecting your data against spoofing, data integrity or
prying eyes attack this really is the only solid industry standard way to go
for any mission critical application.
Hope this helps.
Sincerely,
Abid Farooqui
----- Original Message -----
From: "Alexander Schatten" <al...@gmx.net>
To: <so...@xml.apache.org>
Sent: Monday, April 16, 2001 6:20 PM
Subject: Authentication for SOAP Services?
> I guess I basically understand the Apache SOAP implementation, but I
> have a problem with authentication. I guess this should be a basic
> feature of a web service environment, no?
>
> My problem is, that I want to provide adminitrative services using
> Apache SOAP running in Enhydra App server, but these services obviously
> are not free, but need some authentification? how should I implement
> this?
>
>
> any comments?
>
>
> thank you
>
>
> alex
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: soap-user-unsubscribe@xml.apache.org
> For additional commands, email: soap-user-help@xml.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: soap-user-unsubscribe@xml.apache.org
For additional commands, email: soap-user-help@xml.apache.org
Re: Authentication for SOAP Services?
Posted by Alexander Schatten <al...@gmx.net>.
"Mark A. Richman" wrote:
> You need to create a custom provider that implements this. Please see my
> upcoming Java Developer's Journal article on this topic in June :) I may be
> nice and post the whole thing this week.
you will post it to developer journal this week? maybe you could drop me a
copy? would be very nice!!
thank you
Alex
---------------------------------------------------------------------
To unsubscribe, e-mail: soap-user-unsubscribe@xml.apache.org
For additional commands, email: soap-user-help@xml.apache.org
Re: Authentication for SOAP Services?
Posted by Alexander Schatten <al...@gmx.net>.
"Mark A. Richman" wrote:
> You need to create a custom provider that implements this. Please see my
> upcoming Java Developer's Journal article on this topic in June :) I may be
> nice and post the whole thing this week.
you will post it to developer journal this week? maybe you could drop me a
copy? would be very nice!!
thank you
Alex
---------------------------------------------------------------------
To unsubscribe, e-mail: soap-user-unsubscribe@xml.apache.org
For additional commands, email: soap-user-help@xml.apache.org
RE: Authentication for SOAP Services?
Posted by "Mark A. Richman" <mr...@ispchannel.com>.
You need to create a custom provider that implements this. Please see my
upcoming Java Developer's Journal article on this topic in June :) I may be
nice and post the whole thing this week.
Regards,
Mark A. Richman
Empire Software, Inc.
Expert Software Development & Consulting
+ Internet/Intranet/Extranet
+ E-Commerce & B2B
+ Java, C/C++, Visual Basic
+ XML, SOAP, and Web Services
+ Linux & Open-Source Solutions
+ Database Applications
+ ...and MUCH more!
http://www.empsoft.com
mark@empsoft.com
Tel: 954-234-9049
-----Original Message-----
From: Alexander Schatten [mailto:alasan@gmx.net]
Sent: Monday, April 16, 2001 6:21 PM
To: soap-user@xml.apache.org
Subject: Authentication for SOAP Services?
I guess I basically understand the Apache SOAP implementation, but I
have a problem with authentication. I guess this should be a basic
feature of a web service environment, no?
My problem is, that I want to provide adminitrative services using
Apache SOAP running in Enhydra App server, but these services obviously
are not free, but need some authentification? how should I implement
this?
any comments?
thank you
alex
---------------------------------------------------------------------
To unsubscribe, e-mail: soap-user-unsubscribe@xml.apache.org
For additional commands, email: soap-user-help@xml.apache.org
RE: Authentication for SOAP Services?
Posted by "Mark A. Richman" <mr...@ispchannel.com>.
You need to create a custom provider that implements this. Please see my
upcoming Java Developer's Journal article on this topic in June :) I may be
nice and post the whole thing this week.
Regards,
Mark A. Richman
Empire Software, Inc.
Expert Software Development & Consulting
+ Internet/Intranet/Extranet
+ E-Commerce & B2B
+ Java, C/C++, Visual Basic
+ XML, SOAP, and Web Services
+ Linux & Open-Source Solutions
+ Database Applications
+ ...and MUCH more!
http://www.empsoft.com
mark@empsoft.com
Tel: 954-234-9049
-----Original Message-----
From: Alexander Schatten [mailto:alasan@gmx.net]
Sent: Monday, April 16, 2001 6:21 PM
To: soap-user@xml.apache.org
Subject: Authentication for SOAP Services?
I guess I basically understand the Apache SOAP implementation, but I
have a problem with authentication. I guess this should be a basic
feature of a web service environment, no?
My problem is, that I want to provide adminitrative services using
Apache SOAP running in Enhydra App server, but these services obviously
are not free, but need some authentification? how should I implement
this?
any comments?
thank you
alex
---------------------------------------------------------------------
To unsubscribe, e-mail: soap-user-unsubscribe@xml.apache.org
For additional commands, email: soap-user-help@xml.apache.org