Fig-7: A deployment architecture for SSO and web service call.
Fig-7: A deployment architecture for SSO and web service call.
The above diagram illustrates a typical frontend-backend integration situation.
The TAS3 integration can be accomplished in several ways, from least intrusive to the original (legacy) application to more intrusive, but also more granular:
See also [TAS3D71IdMAnAz] Fig-8.2 "Using a Gateway for Legacy Applications". This approach is completely application independent and simply TAS3 wraps existing protocol. Limitation tends to be that TAS3 authorization and obligations have to be applied at granularity of a protocol message rather than the data in it.
Either web server module, like mod_auth_saml, or an application server module, like Servlet Filter or AXIS2 Interceptor, is inserted to the processing stack. While software realization is quite different, this is still similar to the mediation box model.
Similar to the above filter approach, but the filter has some ability to "drill in" to the application protocol. For example, if all data in the application is represented in uniform format, such as Java Objects, then a generic filter can be supplied that applies authorization and obligations to all data represented in such way.
This approach relies the application programmer to instrument his application with necessary authorization and other calls. We are simply trying to make his job easier by providing readily available, TAS3 certified, APIs that make the instrumenting job easy.