Friday Apr 27, 2007

Federated security in webservices across trusted domains

Want to know how to build federated security in Web Services across trusted domains with WSIT?

See this screencast to learn how.

References:

WSIT, is a short name for Web Services Interoperability Technology, an integrated part of GlassFish v2 M4.

It's an open source implementation of key WS-\* technologies and provide first class interoperability between Sun's Web services stack and Microsoft Windows Communication Foundation, an integrated part of .NET 3.0 framework.

WS-Trust specifies a framework for broker trust across different security domains.

For introduction about using Netbeans, and introductory samples on creating and testing webservices using Netbeans and the WSIT, I encourage you to see Arun's screencasts.

Tuesday Apr 10, 2007

STS to the rescue

New to WS-Trust? Not sure what an STS is?? Read on.

Let's say there is a special service "A" you really really want to talk to - the problem is it accepts only SAML 1.1 tokens, and all you have to offer is a X.509 certificate... so what do you do?

An STS or a "Security Token Service" can save your day. Want to know how?

When you present your X.509 Token to your special Service "A", it will redirect you to a Security Token Service or STS "B" it trusts. Luckily for you, STS "B" verifies and accepts your X.509 Token, and in response, issues a SAML 1.1 Token. In simple words, its verified that you are who you say you are and offers you a token in exchange for the one you presented. (Ofcourse STS "B" has to know what to offer you in exchange).

Now you can use the SAML1.1 token to talk to the service.

In other words, STS is a service that is trusted by both the client and the Web service and provides interoperable security tokens.

STS to the rescue!

Check out Glassfish for the latest WS-Trust implementation!

Friday Apr 06, 2007

A picture is worth a thousand words

For those of us who are tutorial-challenged and find it boring to go through lengthy manuals or tutorials to learn something new, a screencast or a writeup with pictures is a life-saver.

Shyam's written a nice blog about Developing Trust applications using Netbeans. It has nice snapshots of screen captures and explains the topic well.

A picture is worth a thousand words....
About

manveen

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today