The Secured Enterprise - Leverage OpenID with Web Services

Date: Thu, 23rd Jul, 2009
Level:
Reads: 3929 Comments: 1 | Login or register to post comments


Prabath SiriwardanaPrabath Siriwardana gives out a presentation on adding authentication and fine grained authorization for Web services using an open source alternative to Microsoft Geneva at OSCON 2009.

SOA security needs to be by design, not an afterthought. This session by Prabath Siriwardana (WSO2 Technical Lead for WSO2 Identity Server) demonstrates implementing Message Interceptor Gateway security pattern with WSO2 ESB, WSO2 WSAS and WSO2 Identity Server - together with the OpenID/Information Cards integration pattern at the front end. The Message Interceptor Gateway pattern provides a single entry point and allows centralization of security enforcement for incoming and outgoing messages.

About the Presentor: Prabath is a Technical Lead at WSO2. As the project lead of the WSO2 Identity Sever, he works on various security related technologies including OpenID and XACML. He also contributes to cross product developments of the WSO2 Web Services Application Server and the WSO2 ESB. Prabath has over 5 years industry experience working on Java and .NET related technologies.

buddhikaa's picture

Accessing WSO2 Registry with OpenID

Submitted by buddhikaa on August 30, 2009 - 20:42.
I have a scenario where it is necessary to access documents within WSO2 Registry via an OpenID sign on, with WSO2 Identity Server acting as a Identity Provider. This has to be done within a desktop app by providing initial credentials to that app, so no browser involvement is preferred. Is there a way this can be achieved? Are there any web service API's exposed to achieve this kind of authentication within Registry and Identity Server? I am totally new to OpenID and WSO2 Registry itself so I may have missed something or may be having wrong conceptual knowledge. Any help in this regard is highly appreciated.