Secure Web Services
Artix supports HTTP Basic Authentication, HTTP(S), secure MQSeries queues, and IIOP/TLS (ie, secure CORBA).
HTTP Basic Authentication and HTTPS
Artix Encompass supports HTTP Basic Authentication on both the client/sender side and the server/receiver side. It exposes the HTTP Username and Password as transport-level attributes, and allows rules to be defined in the service contract based on the values of the transport attributes. For example,
- Message routing decisions can be made based on the username and password attributes.
- Incoming security attributes (like username and password) can be propagated to the outgoing transport attributes.
- SOAP message handlers can be written that access and process the username and password in some application specific manner.
Artix Encompass also supports HTTPS over the secure sockets layer (SSL) or transport layer security (TLS) protocol. Artix's HTTPS support includes support for X.509 certificates. It provides the full range of HTTPS security attributes, including attributes for Client and Server Certificates, Client and Server Private Keys, and Client and Server Private Key Passwords.
Security principle propagation
Artix also provides end-to-end user authentication by supporting �security principle propagation� across different transports. As an example, Artix can propagate information from the caller's X.509 certificate to the IIOP security principal. More specifically
- For SOAP/HTTPS, Artix is able to read the security principle data from either an HTTP header, a pre-defined SOAP header (including Kerberos), or from the caller's X.509 certificate
- For SOAP over MQSeries, Artix is able to read the security principal data from the SOAP header and write the security principal to the outgoing SOAP header
- For IIOP/TLS, Artix is able to read the IIOP principal from an incoming IIOP message, and pass this on to the server using either an IIOP principal or Service Context. If no principal is present then Artix can read the Common Name of the caller's X.509 certificate and use this as an outgoing principal
Role-Based Access Control
Artix Encompass supports Role-Based Access Control based on security credentials stored in an Enterprise Security System like SiteMinder or LDAP.
In particular, the Artix Encompass HTTPS transport can be configured to automatically extract and authenticate the HTTPS Username and Password against an Enterprise Security System. Service invocations that cannot be authenticated are rejected.
IN DEVELOPER CENTER...
Related Content
Need More Info?
Feel free to reach us by phone or email anytime of the day.
> View Phone Numbers
> Contact Us Form