SOAP Requests

Imani Collins
ServiceNow Employee

Hi All!

Could someone please tell me the difference between these two security findings? 

There is one that says:

SOAP request authorization 

and another that says:

SOAP request strict security 

 

Could someone help explain the difference between the two security findings?

 

Thanks

1 ACCEPTED SOLUTION

Tushar
Kilo Sage

Hi @Imani Collins 

 

The main difference between SOAP request authorization and SOAP request strict security is that SOAP request authorization only requires that the incoming SOAP request be authenticated, while SOAP request strict security requires that the incoming SOAP request be authenticated and that the user have the appropriate permissions to access the requested resources.

In more detail, SOAP request authorization ensures that the user who is sending the SOAP request is who they say they are. This is done by requiring the user to provide a username and password. The SOAP server then validates these credentials and allows the request to proceed if they are valid.

SOAP request strict security goes a step further by also requiring that the user have the appropriate permissions to access the requested resources. This is done by using a system called Contextual Security.

Contextual Security takes into account the user's role, the time of day, and the location of the request to determine whether the user is authorized to access the requested resources.

 

 


Please, don't forget to mark my answer as correct if it solves your issue or mark it as helpful if it is relevant for you!

Regards,
Tushar
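
The distinction drawn in the answer above, as a simplified model added here (it is not ServiceNow code and not part of the original post). The `Policy` flags, the user table and the ACL are hypothetical stand-ins, and only role-based permissions are modelled.

```python
import base64
import hmac
from dataclasses import dataclass

# Constructed sample data (not real accounts): user -> (password, roles).
USERS = {"integration.user": ("s3cret", {"itil"}), "basic.user": ("pa55word", set())}
# Constructed ACL: (table, operation) -> role required. Anything unlisted is denied.
ACL = {("incident", "getRecords"): "itil", ("incident", "insert"): "itil"}

@dataclass
class Policy:
    require_authentication: bool  # hypothetical flag modelling "SOAP request authorization"
    strict_security: bool         # hypothetical flag modelling "SOAP request strict security"

def basic(user, password):
    """Build the HTTP Basic Authorization header for a test request."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}

def authenticate(headers):
    """Return the username when the Basic credentials are valid, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, _, password = base64.b64decode(token, validate=True).decode().partition(":")
    except ValueError:  # covers malformed base64 and malformed UTF-8
        return None
    record = USERS.get(user)
    if record and hmac.compare_digest(record[0].encode(), password.encode()):
        return user
    return None

def handle(policy, headers, table, operation):
    """Return the HTTP status this gate gives one SOAP call."""
    user = authenticate(headers)
    if (policy.require_authentication or policy.strict_security) and user is None:
        return 401  # identity not proven
    if policy.strict_security:
        needed = ACL.get((table, operation))
        if needed is None or needed not in USERS[user][1]:
            return 403  # authenticated, but not permitted on this resource
    return 200

if __name__ == "__main__":
    auth_only, strict = Policy(True, False), Policy(True, True)
    for name, pol in (("authorization only", auth_only), ("strict security", strict)):
        print(name, handle(pol, basic("basic.user", "pa55word"), "incident", "getRecords"))
```

The same valid login for a user with no roles is accepted under the first policy and refused under the second, which is the gap the second finding is about.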

 
