Re: SOAP application level authentication - how?!?
Wednesday, February 13, 2002 10:37 PM
I'm in the process of investigating this same issue.
From what I've read, there are a couple of ways to do it.
One new way is to embed SAML tags in your SOAP message. The SAML tags just specify the security credentials of the user. On the server side, the SAML tags are parsed and used to authenticate and authorize the user and the action to perform.
I believe server-side software will emerge very quickly to do precisely what I've described above. You shouldn't have to write this code. Netegrity makes a new product called TransactionMinder that will protect and authenticate users against their LDAP Policy store.
This subject needs more research and exploration. Not many people address it since it's the not-so-pretty aspect of Web Services.