Sun OpenSSO Enterprise 8.0 Deployment Planning Guide

Analyzing the Deployment Architecture

In this deployment example, messages are exchanged using the SOAP protocol to transfer security tokens between the communicating web service client and web service provider entities. The web service security providers can work independently of the OpenSSO Enterprise instance that is deployed as the security token service: they secure SOAP messages by obtaining security tokens from a vendor-neutral security token service.

The following are the major components in this deployment example:

The following figure illustrates the deployment architecture for using OpenSSO Enterprise to secure a web-based calendar service.

Figure 11–3 Deployment Architecture for Web Service Security Using Secure Token Service

Web Service Client communicates through OpenSSO Enterprise Security Token Service.

In this deployment example, a company employee has a user account in the Example Company identity system. The employee wants to access an internal calendar application to view a calendar service. The calendar application is part of the Example Company portal. All Example Company employees are required to authenticate themselves before accessing this internal portal. Additionally, the individual employee's credentials, such as role or group membership, must be validated before the employee can access the calendar application service.

The calendar application, on the employee's behalf, securely supplies the employee's credentials to the remote calendar web service.
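The exchange described above, as an added example that is not part of the guide and not OpenSSO code: the client (the calendar application acting for the employee) sends a WS-Trust-style RequestSecurityToken to the security token service, receives a token scoped to the calendar web service, places it in a WS-Security header, and the web service provider validates the token before it serves the request. The message shapes are simplified, the HMAC-signed JSON token stands in for the SAML or X.509 tokens a real STS issues, and the namespaces, endpoint, user directory and shared key are all assumptions made for the demonstration.

```python
"""Mock of the client / STS / provider flow (added example; assumptions noted inline)."""
import base64
import hashlib
import hmac
import json
import time
import xml.etree.ElementTree as ET

SOAP = "http://www.w3.org/2003/05/soap-envelope"
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
CAL_NS = "urn:example:calendar"                       # assumed service namespace
CALENDAR_SERVICE = "https://calendar.example.com/ws"  # assumed endpoint
STS_KEY = b"demo-shared-secret"  # assumed key shared by STS and provider (real STS: X.509)

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_rst(applies_to: str) -> str:
    """Client: RequestSecurityToken asking the STS for a token scoped to one service.
    (Simplified: real WS-Trust wraps AppliesTo in wsp:AppliesTo/wsa:EndpointReference.)"""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    rst = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body"), f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = WST + "/Issue"
    ET.SubElement(rst, f"{{{WST}}}AppliesTo").text = applies_to
    return ET.tostring(env, encoding="unicode")

class SecurityTokenService:
    """STS: issues a signed token carrying the already-authenticated user's roles."""
    def __init__(self, directory, key=STS_KEY, ttl=300):
        self.directory, self.key, self.ttl = directory, key, ttl  # directory: user -> roles

    def issue(self, rst_xml: str, authenticated_user: str, now: int) -> str:
        rst = ET.fromstring(rst_xml).find(f"{{{SOAP}}}Body/{{{WST}}}RequestSecurityToken")
        if rst is None or rst.findtext(f"{{{WST}}}RequestType") != WST + "/Issue":
            raise ValueError("unsupported request")
        if authenticated_user not in self.directory:
            raise PermissionError("unknown principal")
        claims = {"sub": authenticated_user, "roles": self.directory[authenticated_user],
                  "aud": rst.findtext(f"{{{WST}}}AppliesTo"), "exp": now + self.ttl}
        payload = json.dumps(claims, sort_keys=True).encode()
        token = b64(payload) + "." + b64(hmac.new(self.key, payload, hashlib.sha256).digest())
        env = ET.Element(f"{{{SOAP}}}Envelope")
        rstr = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body"),
                             f"{{{WST}}}RequestSecurityTokenResponse")
        ET.SubElement(ET.SubElement(rstr, f"{{{WST}}}RequestedSecurityToken"),
                      f"{{{WSSE}}}BinarySecurityToken").text = token
        return ET.tostring(env, encoding="unicode")

def extract_token(rstr_xml: str) -> str:
    return ET.fromstring(rstr_xml).findtext(f".//{{{WSSE}}}BinarySecurityToken")

def build_secured_request(token: str, employee: str) -> str:
    """Client: place the token in a wsse:Security header and call the calendar service."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    sec = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Header"), f"{{{WSSE}}}Security")
    ET.SubElement(sec, f"{{{WSSE}}}BinarySecurityToken").text = token
    call = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body"), f"{{{CAL_NS}}}GetCalendar")
    ET.SubElement(call, f"{{{CAL_NS}}}Owner").text = employee
    return ET.tostring(env, encoding="unicode")

class CalendarProvider:
    """Web service provider: checks signature, audience, expiry, role and subject."""
    def __init__(self, key=STS_KEY, endpoint=CALENDAR_SERVICE, required_role="employee"):
        self.key, self.endpoint, self.required_role = key, endpoint, required_role

    def handle(self, request_xml: str, now: int) -> dict:
        root = ET.fromstring(request_xml)
        token = root.findtext(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}BinarySecurityToken")
        if not token:
            return {"status": "fault", "reason": "missing security token"}
        try:
            payload_b64, sig_b64 = token.split(".")
            payload = b64d(payload_b64)
            expected = hmac.new(self.key, payload, hashlib.sha256).digest()
            if not hmac.compare_digest(expected, b64d(sig_b64)):
                return {"status": "fault", "reason": "bad signature"}
            claims = json.loads(payload)
        except ValueError:  # bad split, bad base64 or bad JSON
            return {"status": "fault", "reason": "malformed token"}
        if claims.get("aud") != self.endpoint:
            return {"status": "fault", "reason": "token not issued for this service"}
        if now >= claims.get("exp", 0):
            return {"status": "fault", "reason": "token expired"}
        if self.required_role not in claims.get("roles", []):
            return {"status": "fault", "reason": "insufficient role"}
        owner = root.findtext(f"{{{SOAP}}}Body/{{{CAL_NS}}}GetCalendar/{{{CAL_NS}}}Owner")
        if owner != claims.get("sub"):
            return {"status": "fault", "reason": "request subject does not match token"}
        return {"status": "ok", "calendar_for": owner, "roles": claims["roles"]}

def run_flow(employee="alice", applies_to=CALENDAR_SERVICE, tamper=False, delay=0):
    """Drive the exchange end to end: RST -> RSTR -> secured call -> provider decision."""
    directory = {"alice": ["employee", "calendar-user"], "bob": ["contractor"]}  # constructed
    now = int(time.time())
    rstr = SecurityTokenService(directory).issue(build_rst(applies_to), employee, now)
    token = extract_token(rstr)
    if tamper:  # client rewrites its roles but cannot re-sign; the provider must reject it
        payload, sig = token.split(".")
        claims = json.loads(b64d(payload))
        claims["roles"] = ["employee"]
        token = b64(json.dumps(claims, sort_keys=True).encode()) + "." + sig
    return CalendarProvider().handle(build_secured_request(token, employee), now + delay)

if __name__ == "__main__":
    for kw in ({}, {"employee": "bob"}, {"employee": "bob", "tamper": True},
               {"delay": 600}, {"applies_to": "https://other.example.com/ws"}):
        print(kw, "->", run_flow(**kw))
```

The provider never trusts the client's own claim about who it is: role and subject are read only from the STS-signed token, the audience check stops a token issued for one service from being replayed against another, and the tampered-token case shows why the provider must verify the signature before it reads any claim.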

The following two figures illustrate the process flow for Web Service Security Using Secure Token Service.

Figure 11–4 Process Flow for Web Service Security Using Secure Token Service (Continued on next page)


Figure 11–5 Process Flow for Web Service Security Using Secure Token Service (Continued)
