The term identity-based web service in this context means web services that act on behalf of a user or are personalized with the user's data in contrast to normal web services which do not execute in the context of a particular user.
Denmark took a buffet (dare I say smorgasborg?) approach - picking and choosing from available specs and profiling them as necessary, defining:
- OIO WS-Trust Profile
- OIO WS-Trust Deployment Profile
- Liberty Basic SOAP Binding
- OIO Bootstrap Token Profile
- OIO SAML Profile for Identity Tokens
I do wonder why the discussion of the identity-based model (ie where the identity of the user is captured in a security token within the web services call) doesn't contrast this model with the so-called 'password anti-pattern'? Presumably its not the scourge in eGovernment applications that it is in Web 2.0.
3 comments:
Ah - you might want to take a look at the NSA/DISA NCES profiles then, also (released in 2008):
http://www.nsa.gov/ia/guidance/standards_profiles/index.shtml
Gerry, thats interesting and all but Im not sure what it has to do with me and my family getting a holiday in Copenhagen?
Please try to stay focussed
Paul
Darn - I thought you *were* talking about baking goods... I will have to read things more carefully.
Post a Comment