A better alternative is to provide a way to continue to allow individual organizations to retain their own authentication systems and still retain the loose coupling inherent in Web services that allows organizations to establish B2B integrations. The solution is cross-domain trust enabled by SAML and contractual agreements about how one entity will trust or not trust another entity whose members present their SAML assertions.
- 6. Portable Identity, Authentication, and Authorization
- from Securing Web Services with WS-Security
- Publisher: Sams
- Released: May 2004
ok.. seems there should be contractual agreements about how one entity trusts another whose members present their SAML assestions?
Share this highlighthttp://www.safaribooksonline.com/a/securing-web-services/27413/