I would need a suggestion on how to secure my SOA composites. I have bpel composite services A,B,C. Service A calls Service B and calls Service C.
Service A is a B2B inbound service, service B and Service C are webservices. Now how will I secure Service B and C. Should I use SAML policies? As per my understanding, SAML is used for Single-SignOn. Will SAML fit into my design?