DOT NET & J2EEOct 24 2003 03:15PM avishver (yram netvision net il)
Hello,
I have an apllication that uses browser on XP for the presentation,travel
to IIS6 on WIN03 for presentation logic, and ends up on
IBM Websphere on IBM MainfraMe: EJB's for the business logic.
The user authenticates against Active Directory 2003 when activating the
browser.
Several questions froM security point of view about the
dot net <--> websphere connection:
- What are the pros & cons to use MQseries / HTTP / RMI bridge ?
- What is the practical way to iMpleMent end to end user id propogation:
kerberos ticket ? ssl client certificate ? plain userid ?
Note that on the websphere side I would like to use
role base access control on the EJBs, and yet using the
authenticated uid for authorization checking.
- What is the preffered audit MechanisM that will be able to
give unified audit trail on both environMents.
Thanks alot
Avi Shvartz
<<< You can't be a real country unless you have a beer and an >>>
<<< airline. It helps if you have some kind of a football >>>
<<< team, or some nuclear weapons, but at the very least you >>>
<<< need a beer. >>>
<<< Frank Zappa >>>
<<<< "Children", I say plainly, "watch out for the baobabs!" >>>>
<<<< The Little prince by Antoine de Saint Exupery. >>>>
------------------------------------------------------------------------
---
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
I have an apllication that uses browser on XP for the presentation,travel
to IIS6 on WIN03 for presentation logic, and ends up on
IBM Websphere on IBM MainfraMe: EJB's for the business logic.
The user authenticates against Active Directory 2003 when activating the
browser.
Several questions froM security point of view about the
dot net <--> websphere connection:
- What are the pros & cons to use MQseries / HTTP / RMI bridge ?
- What is the practical way to iMpleMent end to end user id propogation:
kerberos ticket ? ssl client certificate ? plain userid ?
Note that on the websphere side I would like to use
role base access control on the EJBs, and yet using the
authenticated uid for authorization checking.
- What is the preffered audit MechanisM that will be able to
give unified audit trail on both environMents.
Thanks alot
Avi Shvartz
<<< You can't be a real country unless you have a beer and an >>>
<<< airline. It helps if you have some kind of a football >>>
<<< team, or some nuclear weapons, but at the very least you >>>
<<< need a beer. >>>
<<< Frank Zappa >>>
<<<< "Children", I say plainly, "watch out for the baobabs!" >>>>
<<<< The Little prince by Antoine de Saint Exupery. >>>>
------------------------------------------------------------------------
---
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
------------------------------------------------------------------------
---
[ reply ]