On 23/2/08 15:28, "Steven Newhouse" <Steven.Newhouse@microsoft.com> wrote:
* Handling Authorization for the BES Port types
...
The BESManagement port type does not throw any (authorization) faults. Authentication and authorization is provided by the container. A deployment therefore specifies who has access to the operations within BESManagement and any client that enters the operation is already authorized to start/stop the container from accepting activities and no fault is needed.
I'm not sure that I agree with this approach. Depending on the back end that you are dealing with, the evaluation of who is authorized might not happen until the back end is contacted (i.e. after the operation invocation itself has been authenticated and authorized). It would also be useful to be able to indicate to the caller that the back end is not authorizing the access by using a NotAuthorizedFault. -- Chris