We recommend a number of scenarios that combine authentication mechanisms and connection security. The table below provides you with assistance in deciding which scenario is useful when.

The scenarios are divided by the logon mechanisms used for logging on to the WS provider system. Some scenarios use a fixed service user, while with others, the identity of the user logged on to the WS consumer system is propagated to the WS provider system (Single Sign-On). Single Sign-On can be implemented using a number of techniques, depending on the authentication method in use.

Web Service messages can be passed through any number of connections and, potentially, a large number of intermediary stations. Point-to-point or connection-oriented security at the HTTP transport level may be insufficient or inappropriate for supporting this decoupled interaction. Security at the message level, on the other hand, guarantees security between the end points that is independent of the security used between the intermediary stations.