The B2C scenario corresponds to Web applications accessed by customers, traditionnaly built with some dynamic HTML/AJAX technology running on the server side, that have been elected to leverage the Silverlight capabilities (enriched user experience, vector based contents, scaling, rich media…).To comply with the scope of this blog, we’ll concentrate on RIA scenarios, where the customer accesses private data from a Silverlight Client.
As listed in Silverlight scenarios for Rich Internet Applications, the following constraints apply to the Customer Environment scenario :
- Infrastructure security is mandatory : it includes a DMZ to protect the Web Server and access to the Web Services and optional SSL/HTTPS communications depending on the confidentiality of the data accessed.
- Protocol adaptation is required if the application is interfaced with pre-existing Web Services that cannot be immediatly consumed by Silverlight. This extract work is performed by a mediation layer, materialized in the schema below by the Services Gateway. Moreover, the Services Gateway in the Customer scenario can enforce the alignement of the incoming messages with the entreprise governance policies.
- Authentication & authorization is required for Line of Business Applications to secure read and write access to Entreprise Data. Form based authentication would be the preferred way in this scenario. If you need Claim based authentication, take a look at the B2B scenario.
- A cross domain security file is required to access the Services Gateway
We plan to document this scenario by extending the “B2E with mediation” scenario, with Form Based Authentication & Authorization constraints. If you have technical requirements not list here, there’s good chance the B2C scenario can be enriched from the B2B scenario.