Web Services Access using YADIS
Peter Davis
peter.davis at neustar.biz
Thu Jul 27 13:39:29 UTC 2006
FWIW, you should take a look at the ID-WSF specs from liberty. The
foundational framework of ID-WSF is all about using identity systems for web
services.
In particular, the Security Mechanisms and SOAP binding specs are relevant
to your use case.
=peterd
On 7/19/2006 8:58 PM, "Pat Cappelaere" <pat at cappelaere.com> wrote:
> I was talking to Brian Ellin a few weeks back...
> A cool thing to do would be to restrict/allow access to web services using
> OpenID/YADIS.
> Basically, user logs into his domain. User want to access web service in
> another trusted domain. This should be allowed without requiring user to
> re-login (assuming that domains have a trust relationship).
> User would pass its openid and a one-time (or time-limited) token to Server
> B. Server B would use token to verify authentication of user by presenting
> token to originating server. Server B would also get access to profile info
> (optional but required in my case to get access to permission attributes).
> Access to web service would then be granted or not based on presented
> permissions.
> Has anyone done something like this?
> Thanks,
> Pat.
>
>
=peterd ( http://xri.net/=peterd )
More information about the yadis
mailing list