Thanks Nathan. Good information, and I'll keep it in mind.

Thanks,
Kelly

-----Original Message-----
From: WEB400 [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Nathan Andelin
Sent: Friday, May 15, 2015 1:34 PM
To: Web Enabling the IBM i (AS/400 and iSeries)
Subject: Re: [WEB400] IBM i authentication and RESTful web service design

Kelly,

The definition of "web services" that you found at www.w3.org is what I was schooled in. Of course, definitions evolve over time; REST is now viewed as an alternative to WSDLs and SOAP. I think people typically view "web services" as program-to-program and platform-to-platform communications where JSON and/or XML documents are exchanged.

Regarding the HTTP configuration sample which Scott Klement shared, concerning "basic HTTP authentication"; that may be a useful utility for very basic requirements, but it is inadequate as the number and type of users, and scope of your applications increase.

Under basic HTTP authentication, you're essentially granting authority to HTTP resources, which are filtered by URLs, to a directory full of users. In ERP class systems, authorities granted to users and user groups need more granularity.

In our web portal, we grant authorities to "work areas", which grants authorities to IBM i library lists, IFS directories, and top-level menus. From there, authorities may be granted to sub-menus, menu items, data, and "options" exposed by applications.

Most organizations wouldn't want to assign such granular authorities to "user directories" or user repositories; whether that be LDAP, IBM i user profiles, or IBM i authorization lists. Such granular authorities are rather assigned to individual users and user groups. Authorities granted to teachers, students, health care providers, counselors, lunch workers, school principals, would all be different.

You wouldn't want to reconfigure HTTP server instances, and restart HTTP servers, as additions and changes to user and group authorities are granted.

Moreover, users may need the ability to reset lost or forgotten credentials. The system may need to handle rules such as session expiration, password expiration, disabled user profiles, which may not be handled by basic HTTP authentication.

Since login prompts are the entry points to broadly scoped applications, site administrators may wish to post event notifications, such as planned downtime, on the login screen.

--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.