Kerberos is a computer network authentication protocol that allows individuals communicating over a network to prove their identity to one another in a secure manner. The Kerberos protocol provides strong authentication using secret key cryptography. Web-Services Security (WS-Security) is a specification to secure and authenticate network communications using Simple Object Access Protocol (SOAP). SOAP is a protocol for exchanging Extensible Markup Language (XML)-based messages over computer networks, typically using Hypertext Transfer Protocol/Hypertext Transfer Protocol over Secure Socket Layer (HTTP/HTTPS). SOAP forms the foundation layer of the web services protocol stack, providing a basic messaging framework upon which abstract layers can be built.
In order to effectively host multiple web service provider applications using WS-Security Kerberos, the application provider framework provides a way for security administrators to configure a service principal name (SPN) for an application. Conventional solutions, such as those implemented within the .NET framework, tie the SPN to the Transmission Control Protocol/Internet Protocol (TCP/IP) port on which the web service application is listening. Hence, conventional solutions use a unique and/or dedicated port for each application that uses a unique SPN. Using a unique port for each application creates additional difficulties when the topology involves a web service gateway or proxy, and/or when the web service providers are clustered. These difficulties might include managing multiple ports, opening multiple ports in the firewall, and exhaustion of port resources.