[Wsf-general] Exposing a Database as a Webservice
James Clark
james at wso2.com
Mon Feb 26 20:21:46 PST 2007
> In the first method WSAS will authenticate the user and then use the
> authorization details in it's system to do the access control. In
> this all permissions will be controlled through the security module
> inside WSAS. WSAS will login and access as itself.
>
> In the second method the user will send the authentication and
> authorization details and these details will be used when accessing
> the database. Please note the Security Token that will be used will
> not be some thing that is special to the Database service.
Can these be mixed? I would expect one common scenario would be that
- the database would have a "guest" user that would be allowed read-only
access to non-sensitive data
- when using the first method, WSAS would login and access as this guest
user
- for access that requires more privileges that the database guest user
allows, the second method would be used
James
More information about the Wsf-general
mailing list