wsdm message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: RE: [wsdm] Security Question: MOWS: Managing Secure Web services
- From: "Jeff Bohren" <jbohren@opennetwork.com>
- To: "Heather Kreger" <kreger@us.ibm.com>,<wsdm@lists.oasis-open.org>
- Date: Sat, 5 Jun 2004 21:45:04 -0400
Title: Message
Similar to the other thread, I would have the following
categories:
Configuration:
Transport level authentication settings
PKI Info (server cert, trusted CAs, CRLs)
TLS Configuration
HTTP restrictions (allowed verbs, etc)
SOAP specific security settings
Metrics:
Successful Authentications (total, per time period,
etc)
Failed Authentications
Successful Authorizations
Failed Authorizations
Notifications:
Failed Authentications
Failed Authorizations
Policies:
Access control rules
One
intersting question to me is whether the transport level security is managed on
the same resource as the SOAP security? In other words a SOAP/HTTPS endpoint
could have security at the transport level (via HTTPS, Basic Auth, etc) and at
the SOAP level (WSS). Is this considered the same WSDM resource, or is there one
resource for the HTTPS endpont and one for the SOAP end
point?
Jeff Bohren
Product Architect
OpenNetwork Technologies,
Inc
Try the
industry's only 100% .NET-enabled identity management software.
Download your free copy of Universal IdP Standard Edition today. Go to
www.opennetwork.com/eval.
per our call today, I'm
starting this email thread on managing policies for secure Web services.
Given that security can be managed for 'any IT
resource' using WSDM, are there specific additional
requirements
when that IT resource is a Web
service?
Heather Kreger
STSM, Web Services Lead Architect for SWG Emerging
Technologies
Author of "Java and JMX: Building
Manageable Systems"
kreger@us.ibm.com
919-543-3211 (t/l 441)
cell:919-496-9572
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]