Whatever identifier you choose to identify a consumer application, it must be unique to the application. Identifiers that represent user names are often not suitable because the identified users might submit requests from multiple consumer applications.Although identifying applications by IP address or host name is often a suitable choice, it does create a dependency on the network infrastructure. If a consumer application moves to a new machine, or its IP address changes, you must update the identifiers in the application asset.Using X.509 certificates or a custom token that is extracted from the SOAP message itself (using an XPATH expression), is often the most trouble-free way to identify a consumer application.Note: | Depending on which form of identification you choose, the run-time policy that you use to extract the consumer identifier might need to perform certain prerequisite actions prior to the Identify Consumer action. For example, if you want to identify a consumer application by WS-Security authentication token, your run-time policy must execute the Require WSS Username Token action before it executes the Identify Consumer action. These dependencies are described in the user documentation for the Identify Consumer action. |
