13.5. WS-Authorization
The purpose of WS-Authorization is to describe how access policies for a Web service are specified and eventually managed. The goal is to describe how claims can be specified within security tokens, and how these claims will be interpreted at the endpoint.WS-Authorization is designed to be flexible and extensible with respect to both authorization format and authorization language. This enables the widest range of scenarios and ensures the long-term viability of the security framework.WSS: SOAP Message Security defines the basic mechanisms for providing secure messaging, and for carrying security tokens that represent a set of claims. WS-Authorization uses these basic mechanisms, and defines additional primitives and extensions for security token exchange to enable the issuance and dissemination of credentials regarding authorization within different trust domains.To protect information assets, a service provider needs to ensure that the accessing requester is qualified. WS-Authorization defines extensions to WS-Trust for issuing and exchanging authorization tokens. Using these extensions, applications can engage in secure communication designed to work with the general Web services framework, including WSDL service descriptions and SOAP messages.To achieve this, WS-Authorization reuses headers and elements defined by the WS-Trust specification to request authorization tokens and manage authorization policies. An authorization token is a kind of security token, and therefore it is possible to reuse the existing Web service infrastructure that deals with security tokens. |
لطفا منتظر باشید ...
