What are the best ways to provide secure communication between two web applications? Here the communication is uni-directional, i.e. the ABC web app can communicate with the XYZ web app, not the other way around, and XYZ should trust the requests that are coming in from ABC. This communication must be very secure.
I know some ways to achieve this, like using web services (JAX-RPC or JAX-WS, SOAP, REST, AIX1 or AIX2), JMS Queues/Topics or a simple Servlet.
Other than the above, are there any better ways to achieve this, like writing our own distributional API and sharing it with the other (for example twitter4j)?
If these are the only ways, then please let me know which one is the best.
Exactly where are these two applications located?
1. Same server instance
2. Same physical machine, different servers
4. Different planets... etc.
Joined: Dec 08, 2009
These two applications are located on two different server machines and they are on the internet. The scenario is something like this.
There is an insurance provider who wants to give access to secured pages to users of third-party websites which act as agents for the insurance provider for selling their policies.
If a user bought a policy through a third-party website, then when he logs into that site and wants to see the policy details, which are present on the insurance provider's site, that user must be redirected to the policy details page of the insurance provider's website without any login prompt or anything.
The insurance provider does this only if it trusts the source of the request, and whatever data is transmitted between these websites must be encrypted.
Author and all-around good cowpoke
Joined: Mar 22, 2000
Given the requirement for authentication and encryption, I would say that a SOAP style server and client will do the trick.
No, here the user must be redirected to the insurance provider's website, but in case of a web service request, I would get the response to my website and can display the details in my website only. The requirement is not that! The information must flow in one direction, i.e. from the third-party website to the provider's website; thereafter the user will be browsing in that website only. I should allow only the users that are coming from selected and trusted third-party websites.
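
The trust requirement discussed in this thread (the provider admits a redirected user only when the request comes from a selected third-party site) can be met with a signed, short-lived, single-use token carried in the redirect URL. The following is an added example, not code from any poster in the thread. It assumes a per-partner shared secret and HTTPS on both sites for encryption in transit (the token is signed, not encrypted); all names (`issue_token`, `verify_token`, `PARTNER_KEYS`, `agent-abc`) are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed sample data: per-partner secrets held by the provider (XYZ).
PARTNER_KEYS = {"agent-abc": b"constructed-demo-key-not-for-production"}
MAX_AGE = 60          # seconds a redirect token stays valid
_seen_nonces = set()  # replay cache; a real deployment needs a shared store with expiry


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(partner_id, key, policy_id, now=None):
    """Partner side (ABC): build the value placed in the redirect URL."""
    claims = {"iss": partner_id, "policy": policy_id,
              "iat": int(now if now is not None else time.time()),
              "nonce": secrets.token_hex(16)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(token, now=None):
    """Provider side (XYZ): return the claims, or raise ValueError."""
    now = int(now if now is not None else time.time())
    try:
        body, sig = token.split(".")
        claims = json.loads(_unb64(body))
        key = PARTNER_KEYS[claims["iss"]]  # key chosen by the claimed issuer
    except (ValueError, KeyError, TypeError):
        raise ValueError("malformed token or unknown partner")
    expected = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        raise ValueError("bad signature")
    if not 0 <= now - claims["iat"] <= MAX_AGE:
        raise ValueError("token expired or not yet valid")
    if claims["nonce"] in _seen_nonces:
        raise ValueError("token already used")
    _seen_nonces.add(claims["nonce"])
    return claims
```

The partner site would append the token to the redirect to the provider's policy page, and the provider would call `verify_token` before creating a session for the user.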