For info on what I would consider the emerging standard, do a Google search on WS-Security.
Today, there is a lot of hand-rolling security, usually SSL for privacy combined with one of three authentication types: (1) HTTP Basic auth (which you can deal with in a J2EE-standard way), (2) SSL client certificates (great for B2B) and (3) custom application code, which may or may not hook into SSO.

Cookies can be passed. The ability to manipulate the cookies from the client code was just added to CVS yesterday, I believe.

Scott Nichol

----- Original Message -----
From: "Miguel Perez" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 11, 2002 12:42 PM
Subject: Security in Web Services?

> How is security normally implemented when dealing with web services? I know
> the connection from the client to the server can be sent over HTTPS.
> However, how do tools like Single Sign-On tools come into play? Can cookies
> be passed from the client to the server? Where can I get more information
> regarding the standardization of a security layer to web services?
>
> Miguel