[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Public Comment
Comment from: richard.perks@bea.com Name: Richard Perks Title: Principal Consultant Organization: BEA Systems Regarding Specification: WSRP 2.0 In a WSRP architecture involving producers from different vendors, how is security performed? The 1.0 specification does not account for security and we (BEA) have our own SAML implementation for propagating a users identity to the producer. For a heterogeneous producer architecture, what are the options? I can't see we have one in v1.0. For 2.0, the specification also seems vague. It defers to using other web service standards but doesn't really mandate anything as far as I can tell. We could assume everyone would adopt WS-Security, but will this be consistent across vendors? If the specification does not mandate the specific rules for WS-Security (token type, auth method etc) then this will lead to an interoperability issue.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]