You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ode.apache.org by yannick guionnet <ya...@gmail.com> on 2008/07/10 10:08:57 UTC

ode security

Could someone tells me how is managed, inside ODE, security token when a
BPEL process
is invoked through WebService with authentication, or at the other side what
is required by ode about security propagation
when invoking process through WS ?

At the management API I don't see any constrainst on role or security, could
we acess this api without authentication ?

Tanks for your help
Yannick

Re: ode security

Posted by Alex Boisvert <bo...@intalio.com>.

On Thu, Jul 10, 2008 at 1:08 AM, yannick guionnet <
yannick.guionnet@gmail.com> wrote:

> Could someone tells me how is managed, inside ODE, security token when a
> BPEL process
> is invoked through WebService with authentication, or at the other side
> what
> is required by ode about security propagation when invoking process through
> WS ?

There's no code in Ode to do this right now.    Current solutions (e.g.
Tempo) rely on the process and/or external services to do these checks by
passing the token in message payload.

> At the management API I don't see any constrainst on role or security,
> could we acess this api without authentication ?

Correct; at the moment the PM API is not secured from inside Ode.

alex