Intel® SOA Expressway as a Secure Token Service for Lightweight Clients

Most of you are familiar with deploying Intel® SOA Expressway as an XML gateway for protecting your SOAP and REST services.   You might be interested in reading a very interesting use case written up by Ritu Kama where Intel SOA Expressway acts as a Secure Token Service (STS) for a lightweight client requestor.

While a formal STS generally assumes WS-Trust aware clients and SOAE can support that, this need not be the case and imposes additional requirements on a lightweight client. Instead of a formal WS-Trust request, the client can pass a simple credential in the form of a username/password token and retrieve the proper token for the web service they are trying to access. As long as we are sticking with common standards such as HTTP, HTTP Basic Authentication and SSL, WS-Trust isn’t necessary for simple cases.  In the model proposed in Ritu’s post, Expressway is acting as a STS used to broker the authentication between a lightweight client and web service requiring a SAML assertion.

http://software.intel.com/en-us/blogs/2010/09/21/intel-soa-expressway-as-secure-token-service-for-lightweight-clients/

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 139 other followers

%d bloggers like this: