Inbound and Outbound Authentication

Both the inbound and outbound SCI interfaces use a username/password token for authentication. Authentication is required for inbound and optional for outbound.

For inbound commands, the client must add a SOAP header to every message sent to the library to provide the username/password token in clear text. Therefore, the client program must have access to these credentials and must manage them securely. The most secure method is not to store the credentials at all, but to have the client program prompt the user when necessary. A client program should avoid taking these values as command-line arguments, because system monitoring tools may display command-line arguments. If the client program must store the credentials, do so in a secure manner, such as using a Java wallet.

If you choose to implement authentication for the outbound interface, the server must extract the username and password from the SOAP header and use them to perform authentication.

The details of how to insert these values into the message or extract them from the message are specific to the programming language used on the client side and the WSDL processor used to generate the stubs. The following is a sample inbound request:

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:v1="http://v1_0_0.webservice.librarycontroller.summit.acs.tape.oracle/">
  <soap:Header>
    <wsse:Security
     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-98F0D229E2F29CEF1514779315276651">
        <wsse:Username>username</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <v1:ping/>
  </soap:Body>
</soap:Envelope>
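
For the outbound case described above, the following added example (not Oracle's code and not part of the original page) shows one way a receiving server could extract the username and password from the WS-Security header and fail closed when the token is missing, duplicated, or of another password type. The function names, the expected_user and expected_password parameters, and the sample message are assumptions made for illustration.

```python
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://www.w3.org/2003/05/soap-envelope"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PW_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-username-token-profile-1.0#PasswordText")
NS = {"soap": SOAP, "wsse": WSSE}

# Constructed sample message, modelled on the request shown on this page.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP}">
  <soap:Header>
    <wsse:Security xmlns:wsse="{WSSE}">
      <wsse:UsernameToken>
        <wsse:Username>username</wsse:Username>
        <wsse:Password Type="{PW_TEXT}">password</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body/>
</soap:Envelope>""".encode()

def extract_credentials(raw: bytes):
    """Return (username, password) from the SOAP header, or None."""
    if b"<!DOCTYPE" in raw.upper():      # a SOAP message must not carry a DTD
        return None
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return None
    tokens = root.findall("soap:Header/wsse:Security/wsse:UsernameToken", NS)
    if root.tag != f"{{{SOAP}}}Envelope" or len(tokens) != 1:
        return None                      # missing or ambiguous token
    user = tokens[0].find("wsse:Username", NS)
    pw = tokens[0].find("wsse:Password", NS)
    if user is None or pw is None or pw.get("Type", PW_TEXT) != PW_TEXT:
        return None                      # only clear-text tokens are handled
    if not user.text or not pw.text:
        return None
    return user.text, pw.text

def authenticate(raw: bytes, expected_user: str, expected_password: str) -> bool:
    """Hypothetical check; a real server would consult its credential store."""
    creds = extract_credentials(raw)
    if creds is None:
        return False
    # Compare both values in constant time and do not short-circuit.
    user_ok = hmac.compare_digest(creds[0].encode(), expected_user.encode())
    pw_ok = hmac.compare_digest(creds[1].encode(), expected_password.encode())
    return user_ok and pw_ok
```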