Securing RS - Enterprise Environment

[David Reeves]

I'm looking for some guidance in securing the Reporting Services Server in
an enterprise environment.

We need the ability to pass a security token representing the assembly, and
a token representing the user to the Reporting Service. The Reporting
Service would then validate that the calling assembly has permission to
access the requested report (An application only has access to its own
reports) and that then log the user that requested the report.

We also need the ability to lock down the web service so that only
authorized individuals could deploy and manage reports.

At the launch event, I was told that MS would be posting some Security
Extension documentation but I have yet to find it.

Any guidance here would be greatly appreciated.

Thanks in advance,
David Reeves
Mary Ellen Chaffin
Southern Company Services