WCF, DataPower Integration - Required Binding?

Question

WCF, DataPower Integration - Required Binding?

I am developing a WCF service using basic HTTP binding. It has been integrated with DataPower. I want to follow best practices, allowing secure binding. It's necessary?

Referring to slide 8 in DataPower WCF Integration :

DataPower is designed to disable security for WCF services.

Thanks.

0

wcf ibm-datapower wcf-security

youwhut Dec 21 '10 at 9:46

source share

1 answer

Don demsak · Accepted Answer · 2010-12-22T21:33:07+0000

Only your security architects can truly tell you if this is necessary for your business. Remember that everything you send over the wire is unsafe when using basic HTTP. Perhaps this is not a problem within the enterprise. But anyone who sniffed traffic could intercept your messages and easily get to the data inside.

At Tellago, we made WCF-Data Power integration using custom federated security (almost the same as in Geneva, WIF) for our customers. But, most likely, if you ask if you need security, you are probably not using federated security.

WCF, DataPower Integration - Required Binding?

More articles: