Web Services Access using YADIS

Peter Davis peter.davis at neustar.biz
Thu Jul 27 13:39:29 UTC 2006


FWIW, you should take a look at the ID-WSF specs from liberty.  The
foundational framework of ID-WSF is all about using identity systems for web
services.

In particular, the Security Mechanisms and SOAP binding specs are relevant
to your use case.

=peterd


On 7/19/2006 8:58 PM, "Pat Cappelaere" <pat at cappelaere.com> wrote:

> I was talking to Brian Ellin a few weeks back...
> A cool thing to do would be to restrict/allow access to web services using
> OpenID/YADIS.
> Basically, user logs into his domain.  User want to access web service in
> another trusted domain.  This should be allowed without requiring user to
> re-login (assuming that domains have a trust relationship).
> User would pass its openid and a one-time (or time-limited) token to Server
> B.  Server B would use token to verify authentication of user by presenting
> token to originating server. Server B would also get access to profile info
> (optional but required in my case to get access to permission attributes).
> Access to web service would then be granted or not based on presented
> permissions.
> Has anyone done something like this?
> Thanks,
> Pat.
> 
> 

=peterd  ( http://xri.net/=peterd )



More information about the yadis mailing list