axis-c-user mailing list archives

From Manjula Peiris <manj...@wso2.com>
Subject Re: Rampart question
Date Fri, 07 Dec 2007 09:41:57 GMT
On Fri, 2007-12-07 at 14:21 +0530, Kaushalye Kapuruge wrote:
> Manjula Peiris wrote:
> > On Thu, 2007-12-06 at 15:35 -0500, Subra A Narayanan wrote:
> >
> >   
> >> 1. How is role based authorization handled in Rampart? The Username
> >> and password (basic or digest) just provide a way to authenticate the
> >> user, but not authorize.
> >>     
> >
> > Following will help.
> > http://svn.apache.org/repos/asf/webservices/rampart/trunk/c/samples/secpolicy/scenario2
> > http://wso2.org/library/2702#ut
> >
> >
> >   
> >> 2. Is there any way in Rampart/Axis2C to pass down the username from
> >> the UsernameToken to the webservice code (after the username and
> >> password have been authenticated) so that the webservice can then use
> >> the username to determine if a user is authorized to access a
> >> particular resource or not. 
> >>     
> >
> > AFAIK there is no mechanism for that. IMHO it is not a responsibility of
> > the security handler. But if you want that you can improve your web
> > service so that client can send them in the soap message body. Further
> > you can encrypt the body using rampart so that the information in the
> > body is confidentially protected.
> >   
> Hmm.. encryption wouldn't help the authorization.

Actually I suggest a way of passing the username and password used in
rampart UT to the service using current rampart/C features. Not about
using encryption as an authorization mechanism.

-Manjula


>  It MUST be a set of 
> rules/credentials based on the name(or any unique identifier) of the 
> user. On the other hand SAML(Security Assertion Markup Language) 
> provides an improved way to authorize a particular user. Unfortunately 
> at the moment Rampart/C doesn't support SAML.
> -Kau
> > -Manjula. 
> >
> >   
> >> Thanks for the help!
> >>
> >> Subra
> >>     
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-c-user-help@ws.apache.org
> >
> >
> >   
> 
> 

