Dear Experts,
Working on a project to publish API to support web services based authentication & authorization(with the help of Siteminder assertions available)
I would like to understand the best practices should be followed to protect the services. For an example, it should not be open for anyone and should work only based on the Mutual Trust, etc...
Could you share your suggestions?
Thanks,
RaamVeera