Federated security in webservices across trusted domains
Want to know how to build federated security in Web Services across trusted domains with WSIT?
See this screencast to learn how.
References:
WSIT, is a short name for Web Services Interoperability Technology, an integrated part of GlassFish v2 M4.It's an open source implementation of key WS-* technologies and provide first class interoperability between Sun's Web services stack and Microsoft Windows Communication Foundation, an integrated part of .NET 3.0 framework.
WS-Trust specifies a framework for broker trust across different security domains.
For introduction about using Netbeans, and introductory samples on creating and testing webservices using Netbeans and the WSIT, I encourage you to see Arun's screencasts.
Posted at 06:37PM Apr 27, 2007 by Manveen Kaur in Sun | Comments[5]
STS to the rescue
New to WS-Trust? Not sure what an STS is?? Read on.
Let's say there is a special service "A" you really really want to talk to - the problem is it accepts only SAML 1.1 tokens, and all you have to offer is a X.509 certificate... so what do you do?
An STS or a "Security Token Service" can save your day. Want to know how?
When you present your X.509 Token to your special Service "A", it will redirect you to a Security Token Service or STS "B" it trusts. Luckily for you, STS "B" verifies and accepts your X.509 Token, and in response, issues a SAML 1.1 Token. In simple words, its verified that you are who you say you are and offers you a token in exchange for the one you presented. (Ofcourse STS "B" has to know what to offer you in exchange).
Now you can use the SAML1.1 token to talk to the service.
In other words, STS is a service that is trusted by both the client and the Web service and provides interoperable security tokens.
STS to the rescue!Check out Glassfish for the latest WS-Trust implementation!
Posted at 03:47PM Apr 10, 2007 by Manveen Kaur in Sun | Comments[0]
A picture is worth a thousand words
For those of us who are tutorial-challenged and find it boring to go through lengthy manuals or tutorials to learn something new, a screencast or a writeup with pictures is a life-saver.
Shyam's written a nice blog about Developing Trust applications using Netbeans. It has nice snapshots of screen captures and explains the topic well.
A picture is worth a thousand words....Posted at 11:37AM Apr 06, 2007 by Manveen Kaur in Sun | Comments[0]