If you have more than one customer on the VPN and you don't add WS-* security such as authentication, wouldn't you worry about customers being able to see other customer information?
Joined: Apr 29, 2012
Thank you for your fast reply!!
I'm not sure…
In the following, a few more details: We have a central authentication/authorization system. One of our most important applications is integrated (applet) into many other in-house applications. When a user wants to open the applet, the application which integrates the applet calls the central authentication/authorization system to authenticate the user.
Now, the applet should be integrated into an application hosted by one of our customers. So our central authentication/authorization system should provide a web service. As I mentioned, all our customers are connected via vpn. And of course it is possible, that other customers want to use the web service too…..
Sorry, if I have expressed myself too complicated and also for my poor English. I'm very new to all this stuff, but willing to learn:-)