Security for accessing web services in one domain from another domain is provided by Active Directory and a trust relationship between the domains. The authentication of users in one domain is trusted by the other domain in a trust relationship. Users in a trusted domain have access to resources in the trusting domain, subject to the access controls that are applied in the trusting domain.
Access to resources is restricted by access control. Trust relationships allow users and computers to be authenticated (to have their identity verified) by an authentication authority. Access control allows authenticated users to use the resources (files, folders, and virtual containers) that they are authorized to use and prohibits them from using (or even seeing) resources that they are not authorized to use.
To access a DeltaV node hosting a program accessible by web service, any user connecting to the web service must be assigned to the node's DeltaV group. This means that once the domain trust is established, users from the non-DeltaV domain who access the web service must be added to the DeltaV groups in the DeltaV domain.
For example, if a reciprocal trust exists between the domains DOMAIN1 and DOMAIN2, and the user DOMAIN1\USER1 wants to access the web service connected to a DeltaV server on DOMAIN2, the following steps must be performed:
1. Add DOMAIN1\USER1 to the DeltaV group on the domain controller on DOMAIN2 (the DeltaV ProfessionalPlus or Independent DeltaV Domain Controller (IDDC) computer).
2. Add DOMAIN1\USER1 to the DeltaV group on the individual DeltaV nodes hosting applications supported by web services.
3. Ensure that the user has a matching DeltaV account name, downloaded with the appropriate privileges.
4. Add DOMAIN2\USER1 to the DeltaV group on the Secure SOA Server.
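One way to audit the group memberships from the steps above, as an added example that is not part of the original page or the vendor's tooling. It assumes the DeltaV group on each node is a local group named `DeltaV`, that PowerShell remoting is enabled on the hosts, and it uses placeholder host names; the group on the domain controller is not covered.

```powershell
# Added example. Assumptions/placeholders: host names, local group name 'DeltaV',
# and PowerShell remoting enabled on every host that is checked.
$GroupName = 'DeltaV'

# Host -> account expected in that host's DeltaV group, following the steps above.
$Expected = [ordered]@{
    'NODE-APP1'  = 'DOMAIN1\USER1'   # DeltaV node hosting a web-service application (placeholder)
    'NODE-APP2'  = 'DOMAIN1\USER1'   # second application node (placeholder)
    'SOA-SERVER' = 'DOMAIN2\USER1'   # Secure SOA Server (placeholder)
}

$report = foreach ($entry in $Expected.GetEnumerator()) {
    $row = [ordered]@{
        Host    = $entry.Key
        Account = $entry.Value
        InGroup = $false
        Error   = $null
    }
    try {
        # Read the local group's members on the remote host; Name is 'DOMAIN\user'.
        $members = Invoke-Command -ComputerName $entry.Key -ErrorAction Stop -ScriptBlock {
            param($Group)
            (Get-LocalGroupMember -Group $Group -ErrorAction Stop).Name
        } -ArgumentList $GroupName

        # -contains compares case-insensitively, matching Windows account names.
        $row.InGroup = $members -contains $entry.Value
    }
    catch {
        # Unreachable host, missing group, or access denied: record it, keep going.
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

$report | Format-Table -AutoSize

# Non-zero exit code when any expected membership is absent or could not be read.
$missing = @($report | Where-Object { -not $_.InGroup })
if ($missing.Count -gt 0) {
    Write-Warning ("{0} host(s) lack the expected DeltaV group membership" -f $missing.Count)
    exit 1
}
```

Where remoting is not available, the inner `Get-LocalGroupMember` call can be run locally on each node instead.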
You can also create a user on the DeltaV domain with appropriate privileges for SOA application access. Then add that user to the non-DeltaV domain.