[geeklog-devel] Webservices API in CVS
Blaine Lang
devel at portalparts.com
Sun Aug 12 08:45:33 EDT 2007
Dirk Haun wrote:
> Authentication is, of course, handled by the protocol the webservices
> uses. So Atompub in this case:
Right, and that's fine for Atompub, but I was hinting at a generic
authentication service which would require (I'm suggesting) a new field
to hold a unique encrypted key which could be returned and used in
subsequent webservices calls. Otherwise, it appears to me (and I have
not looked at the code or the Atompub service) that others who want to
write a secure service need to also implement authentication.
Would it not be a good idea to offer a base authentication service?
Webservices could still add/layer on their own like Atompub is doing.
Anyway, I am off the net for the next 8 days or so.....
> Blaine Lang wrote:
>
>
>> Although, I think the full power of webservices would be seen if we did
>> implement security and this is how it could be implemented:
>>
>> You send an "authenticate" verb (...)
>>
>
> Authentication is, of course, handled by the protocol the webservices
> uses. So Atompub in this case:
>
>
>> 14. Securing the Atom Publishing Protocol
>>
>> The Atom Publishing Protocol is based on HTTP. Authentication
>> requirements for HTTP are covered in Section 11 of [RFC2616].
>>
> (...)
>
>> At a minimum, client and server
>> implementations MUST be capable of being configured to use HTTP Basic
>> Authentication [RFC2617] in conjunction with a connection made with
>> TLS 1.0 [RFC2246] or a subsequent standards-track version of TLS
>>
>
> (actually, I think it's currently only doing Basic Authentication,
> without TLS - but then again that's about as secure as a direct login)
>
> Once authenticated, it's like the user logged directly into the Geeklog site.
>
> bye, Dirk
>
>
>