About Siebel Web Service Authentication and Performance
In implementations where scalability is critical, a lightweight context management facility for authentication is available and its use is recommended. With this facility, authentication is managed using a combination of user credentials and a SessionID token:
- When user credentials are presented in the SOAP header of a Web service request, formal authentication is performed before the application executes the Web service operation. If the authentication succeeds, the operation proceeds and a special SessionID token is placed in the SOAP header of the Web service reply.
- Whenever the SessionID is included by the client in subsequent Web service requests, that SessionID will be used to restore cached session information, thus bypassing the substantially more expensive process of re-executing the authentication. Note that, when presented with both the SessionID and a valid set of user credentials, an attempt will be made to use the SessionID before resorting to the user credentials and re-authentication. As expected, the session that is being tracked by the SessionID is subject to expiration and other security checks.
The facility is a distinct alternative to the basic authentication standard described by WS-Security. Using the UserName token as provided in WS-Security, while fully supported as part of Siebel's WS-I Basic Profile compliance, will not yield the same benefit as using the higher-performance session optimization facility provided by the Siebel implementation.
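The exchange described above, seen from the client side, as an added example that is not Siebel code: the client authenticates once, keeps the SessionID from the reply header, and sends only that token afterwards, so the password crosses the wire again only when the session is rejected. The header namespace, the `UserName` and `Password` element names, and the use of a SOAP Fault to signal a rejected session are assumptions; the page does not specify them.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
HDR = "urn:example:session-header"  # assumed namespace; the page names no header schema

def build_request(op, session_id=None, creds=None):
    """SOAP envelope carrying either the SessionID or the credentials, never both."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    head = ET.SubElement(env, f"{{{SOAP}}}Header")
    if session_id:
        ET.SubElement(head, f"{{{HDR}}}SessionID").text = session_id
    elif creds:
        ET.SubElement(head, f"{{{HDR}}}UserName").text = creds[0]  # assumed element name
        ET.SubElement(head, f"{{{HDR}}}Password").text = creds[1]  # assumed element name
    else:
        raise ValueError("need a SessionID or credentials")
    ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body"), op)
    return ET.tostring(env, encoding="unicode")

def parse_reply(xml_text):
    """Return (session_id or None, is_fault) from a reply envelope."""
    root = ET.fromstring(xml_text)
    sid = root.findtext(f"{{{SOAP}}}Header/{{{HDR}}}SessionID")
    fault = root.find(f"{{{SOAP}}}Body/{{{SOAP}}}Fault") is not None
    return sid, fault

class SessionClient:
    """Sends credentials once, then reuses the SessionID until the server rejects it."""
    def __init__(self, transport, creds):
        self.transport, self.creds, self.session_id = transport, creds, None
        self.credential_sends = 0  # how often the password was put on the wire

    def call(self, op):
        """Invoke operation `op`; True on success, False if authentication failed."""
        if self.session_id:
            sid, fault = parse_reply(self.transport(build_request(op, self.session_id)))
            if not fault:
                self.session_id = sid or self.session_id
                return True
            self.session_id = None  # expired or revoked: drop it and re-authenticate
        self.credential_sends += 1
        sid, fault = parse_reply(self.transport(build_request(op, creds=self.creds)))
        self.session_id = None if fault else sid
        return not fault
```

`transport` is any callable that posts the envelope over TLS and returns the reply text. Treat the cached SessionID as a bearer secret: keep it out of logs and discard it when the client shuts down.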
For detailed information on authentication and security, see Integration Platform Technologies: Siebel Enterprise Application Integration.