Monday, April 10, 2006

Amazon S3: no WS-Security, why?

Amazon has released its new S3 service (Simple Storage Service). Through a REST or SOAP API, data can be securely stored on Amazon's servers.

This new service made me think: when will such shared storage be used to exchange business documents between business partners? Why not use this

To use this shared storage for B2B, a good security and authorization mechanism is needed. It is possible to grant rights to users with Amazon accounts, but that is not enough.

While browsing through the documentation, and the SOAP API in particular, I noticed the nice secure mechanism based on HMAC: "HMAC-SHA1 digest (http://www.ietf.org/rfc/rfc2104.txt) of the concatenation of "AmazonS3" + OPERATION + Timestamp, using your AWS Secret Access Key as the key".

But why didn't Amazon use WS-Security and the Username Token Profile? The Username Token Profile is such a nice spec! Why did Amazon opt for this HMAC solution?
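The HMAC scheme quoted above, sketched as an added example (not Amazon's code and not part of the original post): the client signs "AmazonS3" + OPERATION + Timestamp, and the server recomputes the digest, compares it in constant time and rejects stale timestamps. The Base64 encoding, the timestamp format, the 15-minute window and the key value are assumptions of this example.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=15)        # assumed freshness window
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"     # assumed timestamp format (UTC)


def sign(secret_key: str, operation: str, timestamp: str) -> str:
    """HMAC-SHA1 over "AmazonS3" + OPERATION + Timestamp, keyed with the secret."""
    # Only the operation name and the timestamp are inputs to the signature.
    string_to_sign = "AmazonS3" + operation + timestamp
    mac = hmac.new(secret_key.encode(), string_to_sign.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()  # Base64 is an assumption


def verify(secret_key: str, operation: str, timestamp: str,
           signature: str, now: datetime) -> bool:
    """Server side: reject malformed or stale timestamps, then compare digests."""
    try:
        sent = datetime.strptime(timestamp, TS_FORMAT).replace(tzinfo=timezone.utc)
    except ValueError:
        return False
    if abs(now - sent) > MAX_SKEW:
        return False  # limits how long a captured signature stays usable
    expected = sign(secret_key, operation, timestamp)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected.encode(), signature.encode())


# Constructed sample values, not real credentials.
SECRET = "constructed-secret-access-key"
TS = "2006-04-10T12:00:00.000Z"
NOW = datetime(2006, 4, 10, 12, 5, tzinfo=timezone.utc)

if __name__ == "__main__":
    sig = sign(SECRET, "ListAllMyBuckets", TS)
    print("valid:", verify(SECRET, "ListAllMyBuckets", TS, sig, NOW))
    print("other operation:", verify(SECRET, "DeleteBucket", TS, sig, NOW))
    print("stale:", verify(SECRET, "ListAllMyBuckets", TS, sig, NOW + timedelta(hours=1)))
```

The secret key never travels with the request; only the signature and the timestamp do, which is the property the post contrasts with a username token.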

Finally: Amazon also has a Simple Queue Service, but that only supports messages up to 4K.
