[geeklog-devel] Webservices API in CVS
Dirk Haun
dirk at haun-online.de
Sun Aug 12 03:24:09 EDT 2007
Blaine Lang wrote:
>Although, I think the full power of webservices would be seen if we did
>implement security and this is how it could be implemented:
>
>You send a "authenticate" verb (...)
Authentication is, of course, handled by the protocol the webservices
uses. So Atompub in this case:
>14. Securing the Atom Publishing Protocol
>
> The Atom Publishing Protocol is based on HTTP. Authentication
> requirements for HTTP are covered in Section 11 of [RFC2616].
(...)
> At a minimum, client and server
> implementations MUST be capable of being configured to use HTTP Basic
> Authentication [RFC2617] in conjunction with a connection made with
> TLS 1.0 [RFC2246] or a subsequent standards-track version of TLS
(actually, I think it's currently only doing Basic Authentication,
without TLS - but then again that's about as secure as a direct login)
Once authenticated, it's like the user logged directly into the Geeklog site.
bye, Dirk
--
Geeklog Day at FrOSCon: August 25, 2007 - See you there!
http://www.geeklog.net/article.php/geeklog-day-at-froscon
More information about the geeklog-devel
mailing list