REST-Security


jharby

Oct 14, 2009, 1:04:09 PM
to reststar-board
Some say HTTPS is sufficient. I think we should also mention
cryptographic encryption of the payload or parts thereof as a stronger
measure. Also the authorization piece could be described by a
structure within a container or application.

jharby

Oct 14, 2009, 1:05:32 PM
to reststar-board
I correct my last post to say encryption of the payload or parts of the
payload.

Bill Burke

Oct 14, 2009, 6:01:57 PM
to reststa...@googlegroups.com
multipart/encrypted +/- multipart/signed for message body
encryption/signing?

Also, WWW-Authenticate header specifies the mechanism for
authentication, so I'm not sure what you mean here. Is not basic auth,
digest, or client-cert good enough for most things? OAuth for granting
3rd party access?

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
