xml-soap-dev mailing list archives

From George I Matkovits <matkovi...@uswest.net>
Subject Re: Authentication and SOAP
Date Sat, 19 Aug 2000 04:30:17 GMT

I just finished https extensions to SOAP and will start on
1.) authentication
2.) payload signing for non-repudiation
IMHO a client Certificate would be the best solution to (1). This could also be
used for (2). What do you think, please?
Basic Authentication would work OK over an encrypted https connection but where
would you keep 'securely' the client credentials since SOAP will have to work in
'batch' mode also, without any human intervention. (-: A 'properties' file
approach could only work with encrypted entries. I have done this once before on
NT for a batch job submission application about 5 years ago which is still in
use. Even an encrypted properties file needs a key which is very difficult to
keep secret in an open OS environment. I managed to make it work on NT but I
would not know how to do it on Unix -Linux- unless I would use its SUI
capability which IMHO stinks!)
Regards - George

Craig Payne wrote:

> I have recently begun using the Apache SOAP implementation and I am
> wondering how people handle the authentication process that is available in
> the HTTP protocol?  I am trying to use the Apache implementation but I need
> to use Basic Authentication.  After perusing the source code, it looks like I
> could populate the message with appropriate HTTP headers in the invoke()
> method of Call.  I am wondering what the best way to handle authentication
> is and if others have already solved this?
> Thanks for the help,
> Craig
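
The Basic Authentication header discussed in this thread, as an added example that is not part of either message and is not Apache SOAP code: it builds the `Authorization` header for a SOAP POST, shows that anyone who sees the header can decode the credentials, and refuses to attach it to a non-https URL. The function names, the sample envelope and the endpoint used with it are assumptions made for illustration.

```python
import base64
import urllib.request
from urllib.parse import urlsplit

# Constructed sample payload, not taken from the thread.
SAMPLE_ENVELOPE = (
    b'<SOAP-ENV:Envelope xmlns:SOAP-ENV='
    b'"http://schemas.xmlsoap.org/soap/envelope/">'
    b'<SOAP-ENV:Body/></SOAP-ENV:Envelope>'
)


def basic_auth_header(user: str, password: str) -> str:
    """Build the Authorization header value for HTTP Basic (RFC 7617)."""
    if ":" in user:
        # The first colon separates user from password, so a colon in the
        # user name would make the server split the pair in the wrong place.
        raise ValueError("user name must not contain ':'")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_auth(header: str) -> tuple:
    """What any party that sees the header can do: recover the credentials."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def build_soap_request(url, user, password, envelope: bytes, soap_action=""):
    """Prepare (not send) a SOAP 1.1 POST carrying Basic credentials."""
    if urlsplit(url).scheme != "https":
        # Base64 is an encoding, not encryption: refuse to put the header
        # on a connection that is not protected by TLS.
        raise ValueError("Basic credentials are only sent over https")
    return urllib.request.Request(url, data=envelope, method="POST", headers={
        "Content-Type": "text/xml; charset=utf-8",
        "SOAPAction": f'"{soap_action}"',
        "Authorization": basic_auth_header(user, password),
    })
```

Nothing here addresses where a batch job keeps the password; the request object only makes visible that the secret travels in recoverable form on every call.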
