SOA Service Design / Authentication

前端 未结 2 1478
猫巷女王i
猫巷女王i 2021-02-06 06:39

I\'m rather new to SOA and therefore experimenting around.

Currently, the part that creates the biggest problem to me is authentication, my current thought about it invo

相关标签:
2条回答
  • 2021-02-06 06:46

    The best approach should be like this if all the services are internal,

    1. The authentication service issues a token the the service client.
    2. Service client includes the token in the SOA message wrapped in WS-Security or something similar.
    3. The service should validate the token with authentication service before providing the service.

    For external services, I suggest you look at federated solutions like SAML.

    0 讨论(0)
  • 2021-02-06 07:01

    Don't do premature optimization. Your option no. 3 which you acknowledge will be more complicated to implement is unnecessary. Choose option no. 2 if that's what you can implement fast. You can profile later and change it, but I'd bet money that you won't have a 'bottleneck' when going with option 2.

    0 讨论(0)
提交回复
热议问题