Blogger :
Benjamin Ms blog
Category :
WSE
Blogged date : 2003 Oct 30
Steve Millet is talking about the improvements in the Indigo model for security tokens.
The good news is that the madness has stopped: when a UsernameToken is validated you
only need to return a bool rather than the password. WSE 1.0 and 2.0 require
the password to be returned, allowing WSE to work out whether they match.
This was uncomfortable for several reasons, such as the fact that the password might have
been hashed, or just the fact that sharing the password back with the framework feels
like a "boundary violation". I'm glad that we're seeing the end of this bizarre
API practice.
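
The two callback styles contrasted above, as an added example (not code from the original post, WSE, or Indigo): `IPasswordProvider`, `ICredentialValidator` and both store classes are hypothetical names, the credentials are constructed, and the code assumes .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical contracts standing in for the two callback styles (not the WSE or Indigo API).
interface IPasswordProvider { string GetPassword(string user); }                 // return the secret
interface ICredentialValidator { bool Validate(string user, string password); }  // return a verdict

// Style 1 forces the store to keep a recoverable password and hand it to the framework.
sealed class PlaintextStore : IPasswordProvider
{
    public readonly Dictionary<string, string> Passwords = new();
    public string GetPassword(string user) => Passwords[user];
}

// Style 2 lets the store keep only a salted PBKDF2 hash; nothing secret crosses the boundary.
sealed class HashedStore : ICredentialValidator
{
    const int Iterations = 100_000, SaltBytes = 16, HashBytes = 32;
    static readonly byte[] DummySalt = new byte[SaltBytes];
    readonly Dictionary<string, (byte[] Salt, byte[] Hash)> _users = new();
    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
    public void Register(string user, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        _users[user] = (salt, Derive(password, salt));
    }

    public bool Validate(string user, string password)
    {
        bool known = _users.TryGetValue(user, out var rec);
        // Derive and compare even for unknown users so both paths do the same work.
        byte[] actual = Derive(password, known ? rec.Salt : DummySalt);
        return CryptographicOperations.FixedTimeEquals(actual, known ? rec.Hash : new byte[HashBytes]) && known;
    }
}

static class Demo
{
    static void Main()
    {
        var store = new HashedStore();
        store.Register("alice", "constructed-sample-password");  // constructed sample credentials
        Console.WriteLine(store.Validate("alice", "constructed-sample-password"));
        Console.WriteLine(store.Validate("alice", "wrong-password"));
        Console.WriteLine(store.Validate("mallory", "anything"));
    }
}
```
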
Another interesting tidbit was that SAML tokens will be available in Indigo.
Now, if they were only in WSE ...
Existing WSE/ASMX applications are likely to have a good upgrade path to Indigo, with
similar security attributes. There are also extensibility hooks in Indigo to
do custom security token handling, so there's an upgrade path for WSE (though this
will almost certainly mean having to write code).