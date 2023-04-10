Home News Updating of the Security Patterns of the Interoperability Guidelines
Updating of the Security Patterns of the Interoperability Guidelines

Regarding the OAuth2 standard, although in the LG Security API (Technology Guidelines and standards for the security of interoperability through APIs of IT systems) the same refers to REST technology, it should be noted that to ensure the protection of the investments made by the PAs there are no impediments to the application of the OAuth2 standard even in the case of using the SOAP technology.

In this regard, we take the opportunity to recall that although SOAP technology allows the application of different transport protocols, the application of the WS-I Basic Profile foreseen in LG Technical Interoperability (Guidelines on the technical interoperability of the Public Administrations) limits this choice to the use of the HTTP transport protocol only (see 4.7.2 HTTP Transport in Basic Profile Version 1.1).

Considering what has been highlighted above, it should be noted that the PAs MAY use the OAuth2 standard in combination with SOAP technology by providing:

  • – authentication of the calling client at the HTTP transport level using the OAuth2 standard;
  • – to use SOAP and, in general, the WS-* stack for the remaining exchange needs, for example the use of WS-Security SAML Profile.
