[geeklog-devel] Webservices API in CVS

Dirk Haun dirk at haun-online.de
Sun Aug 12 03:24:09 EDT 2007


Blaine Lang wrote:

>Although, I think the full power of webservices would be seen if we did 
>implement security and this is how it could be implemented:
>
>You send an "authenticate" verb (...)

Authentication is, of course, handled by the protocol the webservices
use. So Atompub in this case:

>14.  Securing the Atom Publishing Protocol
>
>   The Atom Publishing Protocol is based on HTTP.  Authentication
>   requirements for HTTP are covered in Section 11 of [RFC2616].
(...)
>   At a minimum, client and server
>   implementations MUST be capable of being configured to use HTTP Basic
>   Authentication [RFC2617] in conjunction with a connection made with
>   TLS 1.0 [RFC2246] or a subsequent standards-track version of TLS

(actually, I think it's currently only doing Basic Authentication,
without TLS - but then again that's about as secure as a direct login)

Once authenticated, it's like the user logged directly into the Geeklog site.

bye, Dirk


-- 
Geeklog Day at FrOSCon: August 25, 2007 - See you there!
http://www.geeklog.net/article.php/geeklog-day-at-froscon
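
Added example (not part of the original message and not Geeklog's code): a client-side guard for the AtomPub requirement quoted above. It refuses to attach HTTP Basic credentials unless the endpoint is reached over TLS, and shows that the header is only base64-encoded. The function names and any endpoint URL passed in are hypothetical.

```python
import base64
import urllib.request
from urllib.parse import urlsplit


class InsecureTransportError(ValueError):
    """Raised when Basic credentials would travel without TLS."""


def basic_auth_header(username, password):
    # RFC 2617: "Basic " + base64(user-id ":" password); the user-id
    # itself cannot contain a colon.
    if ":" in username:
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_auth(header):
    # What the server, and anyone able to read a plain-HTTP request,
    # recovers from the header: base64 is an encoding, not encryption.
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("malformed Basic credentials")
    return user, password


def build_atompub_request(url, username, password, entry_xml=None):
    # Hypothetical helper: attach credentials only when the endpoint is
    # reached over TLS, the combination the quoted AtomPub text names.
    if urlsplit(url).scheme.lower() != "https":
        raise InsecureTransportError(f"refusing Basic auth over {url!r}")
    headers = {"Authorization": basic_auth_header(username, password)}
    data = None
    if entry_xml is not None:
        data = entry_xml.encode("utf-8")
        headers["Content-Type"] = "application/atom+xml;type=entry"
    method = "POST" if data is not None else "GET"
    return urllib.request.Request(url, data=data, headers=headers, method=method)
```

The request object is only built here, not sent; passing it to `urllib.request.urlopen` performs the TLS handshake with certificate verification by default.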



