Tuesday Jun 18, 2013

REST security and Federation - 11g

In my previous blog post on REST security I talk about how one could do identity propagation. That post generated some comments around how one could do federation for REST services.

The short answer is it depends on the type of client:

a) For non-browser type of clients - you can leverage an STS for doing federation for REST similar to SOAP services.

b) For browser type of clients - you could leverage Web Federation models.

STS based REST federation:

REST security federation

In this model however you will need to create a SOAP RST/RSTR to talk to an STS. There are some recent standards where you can talk to Security services that provide equivalent functionality as STS via REST binding instead of SOAP binding (Open ID Connect, etc). [Note: These are currently not supported by Oracle.]

About

In this blog I will discuss mainly features supported by Oracle Web Service Manager (OWSM).

Search

Categories
Archives
« June 2013 »
SunMonTueWedThuFriSat
      
1
2
3
4
5
6
7
8
10
11
12
13
14
15
16
17
19
20
21
22
23
24
25
26
27
28
29
30
      
Today