Web Services Security Model
There are two levels of security that apply to securing
web services with the FileHold API.
Level 1 Web Service Security Token for Authentication
- Security tokens are used by all publicly available web services
to provide secure authentication for all the web methods each service
contains. A unique security token is provided to the client for each web
service it needs to access. The token is provided to the user only on
successful authentication to the FileHold server.
Level 2 Web Method Authorization - All web methods that
are considered potentially hazardous (for example, the web method for deleting
files in the FileHold Library) are protected by a second level of security
and require a user's credentials to be authorized against the FileHold
server before the operation can be completed. This provides security in
the use case where a user who has access to a valid FileHold user
account (and therefore a security token) is restricted to impacting only
the files they are authorized to access in the library.
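
The two levels described above, modeled as a small server-side gate. This is an added example, not FileHold code or its API: the service names, method names, users and access lists are all hypothetical and constructed for illustration.

```python
import hmac
import secrets

# Constructed sample data; a real server would hold salted password hashes.
USERS = {"alice": "pw-alice", "bob": "pw-bob"}
FILE_ACL = {"doc-1": {"alice"}, "doc-2": {"bob"}}   # file -> users allowed to act on it
HAZARDOUS = {"delete_file"}                         # methods that get the level 2 check
_tokens = {}                                        # (service, token) -> username


def login(user, password, services):
    """Level 1: issue one unique token per requested service, only after authentication."""
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(expected, password):
        raise PermissionError("authentication failed")
    issued = {}
    for service in services:
        token = secrets.token_urlsafe(32)
        _tokens[(service, token)] = user
        issued[service] = token
    return issued


def call(service, token, method, file_id):
    """Dispatch a web method call, applying both levels in order."""
    user = _tokens.get((service, token))    # level 1: token must belong to this service
    if user is None:
        raise PermissionError("invalid token for service")
    if method in HAZARDOUS and user not in FILE_ACL.get(file_id, set()):
        # level 2: the caller's own rights on the target are checked server-side
        raise PermissionError("user not authorized for this file")
    if method == "delete_file":
        FILE_ACL.pop(file_id)
        return "deleted"
    return "ok"
```

A valid token alone is not enough to delete `doc-2` as `alice`; the second check rejects the call because her account has no rights on that file.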