From: Bill B. <bb...@re...> - 2011-02-01 18:27:22
|
I'm not sure either. I've been looking for somebody to give me some requirements around this sort of thing for awhile now. What would be ideal for you? I'm looking to add something to RESTEasy based on customer driven requirements rather than just guessing. I think I'd prefer a type agnostic approach via something like multipart/signed and/or multipart/encrypted rather XML digital signature. On 2/1/11 11:47 AM, Totsline, Greg wrote: > Hi – > I was wondering if there is a recommended best practice or preferred > mechanism for authenticating REST requests. For example, do most folks > use an XML Digital Signature and include it in the payload of the > request, or the HTTP Authorization header, or something else? I am > trying to use message level security so point-point solutions like SSL > aren’t really an option. > Thanks very much. > -greg > > > > ------------------------------------------------------------------------------ > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! > Finally, a world-class log management solution at an even better price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > > > > _______________________________________________ > Resteasy-developers mailing list > Res...@li... > https://lists.sourceforge.net/lists/listinfo/resteasy-developers -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com |