HI All,
I have a requirement that to secure the service from consumer A to provider B, which the provider B will only accept the message from consumer A but not from consumer C. Can I know what are the best option to achieve this ? Message Level or Transport Level?
FYI
Platform that involved will be consumer : .Net and provider: SAP.
I came across the Message Level Security with Pass-Through approach. Not sure is this the correct direction i need to look into it. If this is confirm, what should be implemented in both provider and consumer web service. What type of security is the best to adopt, username base token, SAML or others.
The reason to have this requirement is because Provider B proxy will be expose in OSB, which means any consumer that have access to the proxy service level will able to invoke the OSB Provider B proxy and the Provider B web service would like to restrict the consumer that invoke even though is come from the OSB.