Hi Henrik,

I'm not sure what type of REST apps you're usually writing, but why wouldn't HTTPS coupled with some sort of Login REST API call work?

Would work something similar to this:
- Call REST API to login and create a unique session ID to send back to caller.
- Caller sends session ID back and forth with each transaction.
- Sessions can time out on the server after xx amount of seconds, minutes or days.

Another method would be to always pass the user ID and password info to the REST call over HTTPS, wouldn't it?

Regards,
Richard Schoen
RJS Software Systems Inc.
Where Information Meets Innovation
Document Management, Workflow, Report Delivery, Forms and Business Intelligence
Email: richard@xxxxxxxxxxxxxxx
Web Site: http://www.rjssoftware.com
Tel: (952) 736-5800
Fax: (952) 736-5801
Toll Free: (888) RJSSOFT
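
The login, session ID and server-side timeout flow outlined in the message above, as an added example that is not part of the original post or of any product named in the thread. The names `SessionStore` and `demo_verify`, the constructed demo account, and the choice of a sliding idle timeout are assumptions; the ID is assumed to travel only over HTTPS.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo account; a real service would check its own user store.
SALT = b"constructed-salt"
DEMO_USERS = {"demo": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}

def demo_verify(user, password):
    """Hypothetical credential check, compared in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    stored = DEMO_USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, candidate)

class SessionStore:
    """Login issues a random session ID; every later call presents it."""

    def __init__(self, verify, idle_timeout=900, clock=time.monotonic):
        self._verify = verify
        self._idle_timeout = idle_timeout  # seconds without traffic before expiry
        self._clock = clock
        self._sessions = {}  # sha256(session ID) -> (user, expires_at)

    @staticmethod
    def _key(session_id):
        # Keep only a hash, so a dump of the table does not yield usable IDs.
        return hashlib.sha256(session_id.encode()).hexdigest()

    def login(self, user, password):
        if not self._verify(user, password):
            return None
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._key(session_id)] = (user, self._clock() + self._idle_timeout)
        return session_id

    def authenticate(self, session_id):
        """Return the user for a live session ID, or None if unknown or expired."""
        key = self._key(session_id)
        user, expires_at = self._sessions.get(key, (None, 0.0))
        now = self._clock()
        if user is None or now >= expires_at:
            self._sessions.pop(key, None)  # drop expired entries on sight
            return None
        self._sessions[key] = (user, now + self._idle_timeout)  # sliding timeout
        return user

    def logout(self, session_id):
        self._sessions.pop(self._key(session_id), None)
```
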
------------------------------

message: 8
date: Mon, 22 Nov 2010 00:30:41 +0100
from: Henrik Rützou <hr@xxxxxxxxxxxx>
subject: Re: [WEB400] IBM i in the cloud (was social media)

Joe,

you obviously don't have a clue of the security issues a REST enabled application has to handle - HTTPS doesn't solve anything and SOAP is out of the question when you talk about iPhone Apps that have to "speak" with 50 REST services on the server.




On Sun, Nov 21, 2010 at 11:57 PM, Joe Pluta <joepluta@xxxxxxxxxxxxxxxxx> wrote:

On 11/21/2010 1:38 PM, Henrik Rützou wrote:
I'm still waiting for an answer on how EGL handles security?

That's really not a question, Henrik. It's a discussion topic <smile>.
"Security" as in what? Authentication? Authorization? For thin client
EGL uses JSF which has a robust security framework. For REST
communications the simplest method is HTTPS. Is there something above
that which you need? Because to me REST is typically used to
communicate between tiers of an application rather than to external
consumers. Externally I would use SOAP, which also has very robust
security.

I guess I'm asking "what is the business requirement" and "what are we
comparing it to"?

Joe
--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
