
Security Question: Web Service using VPN

 
Sara Bento
Greenhorn
Posts: 2
Hi,

I am planning to develop a web service available to our customers. Our customers are connected via VPN. The web service will be handling highly sensitive information.

Now I am wondering if I have to implement message level security in addition to VPN?!?

Many thanks in advance,
Sara
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13045
If you have more than one customer on the VPN and you don't add WS-* security such as authentication, wouldn't you worry about customers being able to see other customer information?

Bill
 
Sara Bento
Greenhorn
Posts: 2
Thank you for your fast reply!!

I'm not sure…

In the following, a few more details: We have a central authentication/authorization system. One of our most important applications is integrated (applet) into many other in-house applications. When a user wants to open the applet, the application which integrates the applet calls the central authentication/authorization system to authenticate the user.

Now, the applet should be integrated into an application hosted by one of our customers. So our central authentication/authorization system should provide a web service. As I mentioned, all our customers are connected via VPN. And of course it is possible that other customers want to use the web service too…..

Sorry if I have expressed myself in too complicated a way, and also for my poor English. I'm very new to all this stuff, but willing to learn :-)

Thank you very much in advance,
Sara
 
Roger Sterling
Ranch Hand
Posts: 426
Sara - what you need is something called RBAC (Role-based Access Control). This allows only the principals to see their own information and not the others.

http://en.wikipedia.org/wiki/Role-based_access_control
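
An added example, not code from any poster in this thread: a minimal Java sketch of the concern raised above, where several customers share the VPN, so the service authenticates each message itself and then checks both the caller's role and whose data is requested. The customer ids, keys, role name and the `sign`/`handle` methods are assumptions constructed for the illustration (Java 9+).

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Set;

public class MessageLevelCheck {
    // Constructed sample data: one shared key per customer, and the roles each holds.
    static final Map<String, byte[]> KEYS = Map.of(
        "customer-a", "constructed-key-a".getBytes(StandardCharsets.UTF_8),
        "customer-b", "constructed-key-b".getBytes(StandardCharsets.UTF_8));
    static final Map<String, Set<String>> ROLES = Map.of(
        "customer-a", Set.of("AUTHENTICATE_USER"),
        "customer-b", Set.<String>of());

    // HMAC over every field the server later trusts, keyed per customer.
    static byte[] sign(String caller, String op, String owner, String body) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEYS.get(caller), "HmacSHA256"));
        String msg = String.join("\n", caller, op, owner, body);
        return mac.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    }

    // Being on the VPN proves nothing here: authenticate the message, then authorize it.
    static String handle(String caller, String op, String owner, String body, byte[] sig)
            throws Exception {
        if (!KEYS.containsKey(caller)) return "401 unknown caller";
        if (!MessageDigest.isEqual(sign(caller, op, owner, body), sig)) // constant-time compare
            return "401 bad signature";
        if (!ROLES.get(caller).contains(op)) return "403 role missing";
        if (!caller.equals(owner)) return "403 other customer's data";
        return "200 ok";
    }

    public static void main(String[] args) throws Exception {
        String op = "AUTHENTICATE_USER", body = "user=jdoe";
        byte[] sigA = sign("customer-a", op, "customer-a", body);
        // Customer A asks about its own data: allowed.
        System.out.println(handle("customer-a", op, "customer-a", body, sigA));
        // Customer A, correctly signed, asks for customer B's data: denied by the owner check.
        byte[] sigCross = sign("customer-a", op, "customer-b", body);
        System.out.println(handle("customer-a", op, "customer-b", body, sigCross));
        // Another VPN peer reuses A's signature under its own id: signature check fails.
        System.out.println(handle("customer-b", op, "customer-a", body, sigA));
        // Customer B signs its own request but holds no role for the operation.
        byte[] sigB = sign("customer-b", op, "customer-b", body);
        System.out.println(handle("customer-b", op, "customer-b", body, sigB));
    }
}
```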
 