This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I'm new to the subject WebServices security. Various tutorials mention that a SOAP message can carry username/password, using the tags < wsse:Username > , < wsse assword >.
I was wondering if the standard would allow me to send a group (or role), *instead* of username/password ? I am going through an SSO system, so I don't need the password anymore (my systems trust each other). But I would like to send the user role, something like: