Mesh4x Web Sync Server - Authentication - Authorization - Security
5 views
Skip to first unread message
jmt
Apr 29, 2009, 3:58:26 PM4/29/09
to Mesh4x Discussion
Hi all,
We have a new requirement from applications that need to use Mesh4x
Sync Server.
Mesh4x Sync Server is a simple Servlet, it exposes a RESTFull API to
create/update/remove/get MeshGroups and DataSet feeds.
Right now it is running on apache tomcat (HTTP protocol).
You can query data from a browser.
You can query data or synchronize data from a Mobile app (JavaRosa
Midlet) or Desktop app using HTTPSyncAdapter (GET/POST method).
We need to add authentication, authorization and secure data transfer
to the server.
I have a lot of questions:
1. Https is needed or is over killing? Apache Tomcat or Jetty
aproach?
2. For Authentication/Autorization RBAC model or a simple pasword
assigned to the mesh group when it is created ?
3. For Authorization: Are "query data" and "sync data" authorizations
required?
What do you think ?
Thanks in advance.
JMT
We have a new requirement from applications that need to use Mesh4x
Sync Server.
Mesh4x Sync Server is a simple Servlet, it exposes a RESTFull API to
create/update/remove/get MeshGroups and DataSet feeds.
Right now it is running on apache tomcat (HTTP protocol).
You can query data from a browser.
You can query data or synchronize data from a Mobile app (JavaRosa
Midlet) or Desktop app using HTTPSyncAdapter (GET/POST method).
We need to add authentication, authorization and secure data transfer
to the server.
I have a lot of questions:
1. Https is needed or is over killing? Apache Tomcat or Jetty
aproach?
2. For Authentication/Autorization RBAC model or a simple pasword
assigned to the mesh group when it is created ?
3. For Authorization: Are "query data" and "sync data" authorizations
required?
What do you think ?
Thanks in advance.
JMT
Daniel Cazzulino
Apr 30, 2009, 10:44:10 AM4/30/09
to mes...@googlegroups.com
IMO, it should take the simplest approach:
I'd make it optional if I mark a feed as "secure".
/kzu
--
Daniel Cazzulino | Developer Lead | XML MVP | Clarius Consulting | +1 425.329.3471
- I create an account on the sync server (this can be an application account)
- Use HTTPS with basic authentication and pass the credentials on authentication.
I'd make it optional if I mark a feed as "secure".
/kzu
--
Daniel Cazzulino | Developer Lead | XML MVP | Clarius Consulting | +1 425.329.3471
Reply all
Reply to author
Forward
0 new messages