Re: WS-Security from Anne Thomas Manes on 2008-01-08 (www-ws@w3.org from January 2008)

From: Anne Thomas Manes <atmanes@gmail.com>
Date: Tue, 08 Jan 2008 08:50:27 -0500
To: "Eric Frost" <eric.frost@mp2kmag.com>
Cc: "Antonio Faria Couto" <i020501@dei.isep.ipp.pt>, www-ws@w3.org
Message-ID: <bf414ee60801080533l71b50218qc18a852497595faf@mail.gmail.com>

Hi António,

If by "router" you mean a network router operating below layer 7, see
Eric's response below.

If by "router" you mean an intermediary that operates at the
application level (such as an XML gateway, ESB, or management proxy),
these intermediaries may or may not examine the WS-Security header in
the SOAP message depending on the policies that have been defined for
the intermediary. An intermediary may perform a variety of security
functions on behalf of the target endpoint, such as authentication,
authorization, auditing, credential mapping, and message validation
and filtering. The intermediary may add its credentials to the
WS-Security header. On the other hand, an intermediary may not examine
the message at all; it can simply route the message based on load or
using a round robin algorithm, or it might simply monitor the message
and collect statistics about the message traffic.

If you'd prefer to establish a secure line through which two endpoints
can exchange multiple messages without re-authenticating each time,
you should use WS-SecureConversation. An intermediary could be
configured to help establish the secure conversation, but once the
session is set up, the ensuing conversation will go directly between
the two endpoints with no intermediaries.

Anne

On Jan 7, 2008 3:34 PM, Eric Frost <eric.frost@mp2kmag.com> wrote:
>
>
>
>
> Hi António,
>
> It does not need to authenticate in the routers, the authentication is
> encapsulated in
> packet. The routers just transmit the packets. It is part of the magic of
> TCP/IP.
>
> Eric
> http://www.mapelves.com
> http://www.windychat.com
>
>
> ----- Original Message -----
> From: "Antonio Faria Couto" <i020501@dei.isep.ipp.pt>
> To: <www-ws@w3.org>
> Sent: Monday, January 07, 2008 2:15 PM
> Subject: WS-Security
>
> Hi..
>
> When the web service message passes through several routers how it works?!
> The
> message must autenticate in all the routers?! Or should be created a secure
> line that connecting the service invoker with the servide proveider?!
>
> Best regards,
> António Couto
>
>
>
>
>
>

Received on Tuesday, 8 January 2008 13:51:05 UTC