Re: Communicated-Key/Token for SOAP Authentication

Check out OAuth, either to see how they used it or for the algos.

http://oauth.net

Kyle

On Sun, Jun 22, 2008 at 7:53 AM, Steve Finkelstein <sf@xxxxxxxxxxxxx> wrote:

> Hi all,
>
> I'm working on a relatively straightforward Web API that'll have a
> SOAP presence.  The most secure way of going about doing
> authentication would be undoubtedly client-certificate authentication.
>  I have been able to implement such a service straightforwardly as
> there is plenty of documentation out there covering how to do so.  I
> have some clients who're reluctant to manage client certificates at
> this point in time, and do prefer a communicated-key authentication,
> very similar to what Amazon and a few of the other big boys do.  I'm
> having a bit of a difficult time coming up with multiple solutions as
> to how to properly implement this for my service besides stuffing a
> random hash into my database and making them send it to me over SSL
> through their message payload.  I can then compare the hash against
> what's in the database + their IP, or something else.
>
> Would anyone be able to suggest some algorithm for the way I'm
> handling the tokens that's more secure and less "brute-forcible" than
> the methodology I described above?  My objective in this exercise is
> not to only authenticate who's sending me the SOAP envelope, but also
> to ensure that whatever token/key system I implement is not open for
> very simple brute force.  If they're able to knock down my brick
> house, I have other problems --- but I definitely want to build that
> brick foundation.
>
> Suggestions, web articles, books etc., are all welcome!
>
> Thank you for any advice from you avid web service gurus.
>
> /sf
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
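
Added example, not part of either message above and not OAuth's or Amazon's exact algorithm: shared-secret request signing of the kind OAuth's HMAC signature method uses. The client sends an HMAC over the key id, a timestamp, a nonce and a hash of the SOAP body instead of the secret itself, and the server recomputes it. Function names, field names, the 300-second window and the in-memory nonce store are assumptions.

```php
<?php
// Added example (PHP 7+); all function and field names are hypothetical.

// Client: sign the SOAP body with the per-client secret, which is never sent.
function sign_request(string $keyId, string $secret, string $body): array
{
    $ts    = time();
    $nonce = bin2hex(random_bytes(16));
    // Bind key id, time, nonce and a hash of the body into one signed string.
    $base  = implode("\n", [$keyId, $ts, $nonce, hash('sha256', $body)]);
    return ['key_id' => $keyId, 'timestamp' => $ts, 'nonce' => $nonce,
            'signature' => hash_hmac('sha256', $base, $secret)];
}

// Server: recompute the HMAC, then reject stale or replayed requests.
// $seen stands in for a shared store with expiry (assumption for the demo).
function verify_request(array $auth, string $body, array $secrets,
                        array &$seen, int $maxSkew = 300): bool
{
    foreach (['key_id', 'timestamp', 'nonce', 'signature'] as $field) {
        if (!isset($auth[$field]) || !is_scalar($auth[$field])) {
            return false;
        }
    }
    $keyId = (string) $auth['key_id'];
    if (!isset($secrets[$keyId])) {
        return false;                       // unknown client
    }
    if (abs(time() - (int) $auth['timestamp']) > $maxSkew) {
        return false;                       // outside the accepted time window
    }
    $base = implode("\n", [$keyId, $auth['timestamp'], $auth['nonce'],
                           hash('sha256', $body)]);
    $expected = hash_hmac('sha256', $base, $secrets[$keyId]);
    // Constant-time comparison so timing does not leak the signature.
    if (!hash_equals($expected, (string) $auth['signature'])) {
        return false;
    }
    $nonceKey = $keyId . ':' . $auth['nonce'];
    if (isset($seen[$nonceKey])) {
        return false;                       // same signed request seen before
    }
    $seen[$nonceKey] = time();
    return true;
}

// Constructed sample data: one client with a 256-bit random secret.
$secrets = ['client-42' => bin2hex(random_bytes(32))];
$seen    = [];
$body    = '<soap:Envelope><soap:Body>constructed</soap:Body></soap:Envelope>';
$auth    = sign_request('client-42', $secrets['client-42'], $body);
var_dump(verify_request($auth, $body, $secrets, $seen));        // first use
var_dump(verify_request($auth, $body, $secrets, $seen));        // replayed
var_dump(verify_request($auth, $body . 'x', $secrets, $seen));  // body altered
```

A 256-bit random secret puts guessing out of reach, and because only the HMAC travels, a captured request cannot be reused for a different body or after the time window closes.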
