Chapter 4. Claiming and verifying identity with passwords
This chapter covers
- Password-based authentication
- Plain-text passwords
- Digest authentication
As you saw in the previous chapter, the SOAP specification allows headers to be used for extending SOAP. WS-Security defines standard security headers for SOAP. In the first demonstration of WS-Security, we sent a username in a standard header. We also discussed the code behind that demonstration.
Sending the username along with the request is one way to claim identity. Most services require a user to establish his identity before his requests are served. This is because:
- Security restrictions require that services be provided only to authorized users. While it is not always necessary to ...
Get SOA Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.