12.5. Federating Multiple Security Domains

Web services technology is often used to integrate several existing applications available on the network. These applications might be extremely diverse in terms of hardware, operating systems, middleware, and in their configurations. In addition, they might reside in different security domains that have different security policies and are dependent on different security infrastructure, such as PKI and Kerberos.

This example assumes that each "site" has its own security infrastructure. The infrastructure might be very rigorous, such as Kerberos, or ad hoc, using simple user ID and password databases. It is also assumed that a well-known, in-network security provider, such as a trusted certificate authority, is available in the network.

To date, translating security information from one system in one security domain to another system in another security domain has not been easy. To solve this problem, standard syntax and semantics to express the security information, and rules to translate it, are required. Although WS-Security as it is defined today does not solve all these issues, it is certainly a firm step in that direction, thanks to its flexibility and extensibility. WS-Security helps solve these problems by defining the following: