We build web services that are for consumption by known third-parties. We tend to

Question

0

Editorial Team

Asked: May 23, 20262026-05-23T06:02:27+00:00 2026-05-23T06:02:27+00:00

We build web services that are for consumption by known third-parties. We tend to

0

We build web services that are for consumption by known third-parties.

We tend to implement very basic security that involves:

A known token ID which we communicate to both parties
Restrict access to known subset of IP addresses
Secure the transport layer via SSL

I’m not comfortable with this, but implementing Federated Security (using WIF/ADFS 2) is VERY complex! How can I justify using this tech – what is fundamentally wrong with the above approach?

I realise that the web service (which might expose sensitive data) is now only as secure as the token, but so would a username/password combo.

Thanks
Duncan

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T06:02:27+00:00

Editorial Team

2026-05-23T06:02:27+00:00Added an answer on May 23, 2026 at 6:02 am

To improve or replace the common token i would use some client/server certificate authentification. You will use SSL anyway and client certificate gives some more features

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

We build web services that are for consumption by known third-parties. We tend to

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply