Tokens
uLess
intrusive and somewhat less secure means of verifying the authenticity of
web service users
ØSecurity tokens placed within the message by the sender
ØWS-Security protocol allows for security tokens
§Allows senders to specify a simple username and password to
include with their message.
§The web service compares these tokens against a
set of trusted tokens to authenticate and authorize user
requests.
§Can also attach binary and XML tokens to the message in
addition to simple username and password fields.
uAdditional
means (signing tokens) should be used to ensure the integrity of the
tokens
