Skip to main content

A Discussion on Securing Web Services With OpenSSO

Posted by marinasum on September 15, 2008 at 8:20 AM PDT

In a recent interview with Sun Developer Network, Sun technical product manager Sidharth Mishra explains the difference between Web services and Web applications and the reasons why traditional security mechanisms, such as SSL and TLS, are not adequate for protecting the data interactions among Web services. He then discusses the standards that OpenSSO supports to ensure message-level security: Notably, OpenSSO acts as a Security Token Service (STS) in enabling trust between Web-service consumers and providers.

OpenSSO, aka Sun Java System Access Manager, is fast gaining momentum as an open-source project for managing single sign-on, federation, and secure Web services. Do check it out!

Related Topics >>

Comments

Hi, Kumar, Pat Patterson in the OpenSSO team now has your question and will post a response here. Stay tuned please. Marina

Hi Marina, Can you please let me know or pass my question up... I am using PKI Authentication in OpenSSO and now i want to do SSO for Sharepoint. The plug-in what is available replaypassword works only if we have AD authentication module... Can anyone give me ideas about how to go about it... Thanks Kumar

Hi kumar1312 - I saw your other messages to the OpenSSO forum. Did you get this one answered ok in the end?

Hi, kumar1312, I've passed on your question to the OpenSSO team for a response. Stay tuned please. Incidentally, you can post questions regarding OpenSSO on the related Sun forum at http://forums.sun.com/forum.jspa?forumID=760. Marina

Hi Marina, I have Sharepoint protected by IIS Policy Agent. Now after authentication with OpenSSO, Sharepoint needs to collect information from WebServices and present to the user. Can you please guide me how to go about it... How to secure web services in OpenSSO. Thanks