You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ode.apache.org by yannick guionnet <ya...@gmail.com> on 2008/07/10 10:08:57 UTC
ode security
Could someone tells me how is managed, inside ODE, security token when a
BPEL process
is invoked through WebService with authentication, or at the other side what
is required by ode about security propagation
when invoking process through WS ?
At the management API I don't see any constrainst on role or security, could
we acess this api without authentication ?
Tanks for your help
Yannick
Re: ode security
Posted by Alex Boisvert <bo...@intalio.com>.
On Thu, Jul 10, 2008 at 1:08 AM, yannick guionnet <
yannick.guionnet@gmail.com> wrote:
> Could someone tells me how is managed, inside ODE, security token when a
> BPEL process
> is invoked through WebService with authentication, or at the other side
> what
> is required by ode about security propagation when invoking process through
> WS ?
There's no code in Ode to do this right now. Current solutions (e.g.
Tempo) rely on the process and/or external services to do these checks by
passing the token in message payload.
> At the management API I don't see any constrainst on role or security,
> could we acess this api without authentication ?
Correct; at the moment the PM API is not secured from inside Ode.
alex