Since web service requests have to travel across multiple security domains, the credentials used on the inbound side of a boundary server often require transformation before reaching the recipient.
Types of Transformation:
- Technology
  - changing a credential from one type to another
  - e.g., the sender might use digital signatures, while the receiver might use a Username token.
- Naming
  - the name that represents a user might change, similar to Relationship in Process Server.
  - e.g., your identity to IBM can be your serial number, but to a bank it can be your bank account number.
To resolve this:
- Custom-developed ad-hoc code
  - DataPower can perform complex transformations, using built-in functions as well as custom transformations.
- Leverage a product like TFIM (Tivoli Federated Identity Manager)
  - DataPower can also connect to products like TFIM.
Rule of thumb:
- Use DataPower
  - for simple credential transformation
- Use TFIM
  - for complex credential transformation
  - when transformation occurs in multiple places, like DataPower and WAS.
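
The two transformation types above, sketched as custom code at a boundary. This is an added example, not DataPower or TFIM code and not from the original post; the mapping table, domain names, identifiers and the `verified_signer` input (assumed to come from signature validation done earlier) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Constructed sample mapping: (sending domain, name in that domain) -> local name.
# Keying on the domain as well keeps identical names from two partners apart.
IDENTITY_MAP = {
    ("ibm.example", "SN-004217"): "ACCT-99310045",
    ("partner.example", "SN-004217"): "ACCT-55120078",
}


class UnmappedIdentity(Exception):
    """Raised when the inbound identity has no local equivalent."""


def map_name(domain, inbound_name):
    """Naming transformation: translate the sender's name for the user."""
    try:
        return IDENTITY_MAP[(domain.lower(), inbound_name)]
    except KeyError:
        # Fail closed: never pass the foreign name through unchanged.
        raise UnmappedIdentity(f"{inbound_name!r} from {domain!r}") from None


def to_username_token(local_name):
    """Technology transformation: emit a WS-Security UsernameToken."""
    ET.register_namespace("wsse", WSSE_NS)
    token = ET.Element(f"{{{WSSE_NS}}}UsernameToken")
    # ElementTree escapes the text, so a hostile name cannot inject markup.
    ET.SubElement(token, f"{{{WSSE_NS}}}Username").text = local_name
    return ET.tostring(token, encoding="unicode")


def transform(verified_signer):
    """verified_signer: dict built after signature validation (assumed upstream)."""
    local = map_name(verified_signer["domain"], verified_signer["name"])
    return to_username_token(local)


if __name__ == "__main__":
    print(transform({"domain": "ibm.example", "name": "SN-004217"}))
```
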