ode-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Boisvert" <boisv...@intalio.com>
Subject Re: ode security
Date Fri, 11 Jul 2008 19:55:19 GMT
On Thu, Jul 10, 2008 at 1:08 AM, yannick guionnet <
yannick.guionnet@gmail.com> wrote:

> Could someone tells me how is managed, inside ODE, security token when a
> BPEL process
> is invoked through WebService with authentication, or at the other side
> what
> is required by ode about security propagation when invoking process through
> WS ?


There's no code in Ode to do this right now.    Current solutions (e.g.
Tempo) rely on the process and/or external services to do these checks by
passing the token in message payload.


> At the management API I don't see any constrainst on role or security,
> could we acess this api without authentication ?


Correct; at the moment the PM API is not secured from inside Ode.

alex

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message