[geeklog-devel] Webservices API in CVS

Blaine Lang devel at portalparts.com
Sun Aug 12 08:45:33 EDT 2007


Dirk Haun wrote:
> Authentication is, of course, handled by the protocol the webservices
> uses. So Atompub in this case:

Right, and that's fine for Atompub, but I was hinting at a generic 
authentication service which would require (I'm suggesting) a new field 
to hold a unique encrypted key which could be returned and used in 
subsequent webservices calls. Otherwise, it appears to me (and I have 
not looked at the code or the Atompub service) that others who want to 
write a secure service need to also implement authentication. 
Would it not be a good idea to offer a base authentication service? 
Webservices could still add/layer on their own like Atompub is doing.

Anyway, I am off the net for the next 8 days or so.....

> Blaine Lang wrote:
>
>   
>> Although, I think the full power of webservices would be seen if we did 
>> implement security and this is how it could be implemented:
>>
>> You send an "authenticate" verb (...)
>>     
>
> Authentication is, of course, handled by the protocol the webservices
> uses. So Atompub in this case:
>
>   
>> 14.  Securing the Atom Publishing Protocol
>>
>>   The Atom Publishing Protocol is based on HTTP.  Authentication
>>   requirements for HTTP are covered in Section 11 of [RFC2616].
>>     
> (...)
>   
>>   At a minimum, client and server
>>   implementations MUST be capable of being configured to use HTTP Basic
>>   Authentication [RFC2617] in conjunction with a connection made with
>>   TLS 1.0 [RFC2246] or a subsequent standards-track version of TLS
>>     
>
> (actually, I think it's currently only doing Basic Authentication,
> without TLS - but then again that's about as secure as a direct login)
>
> Once authenticated, it's like the user logged directly into the Geeklog site.
>
> bye, Dirk
>
>
>   
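
A sketch of the generic scheme proposed in the message above (an "authenticate" verb returns a key that later webservices calls present), added here as an example; it is not part of the original post and not Geeklog's code. The `$users` array, the `ws_*` function names, the `ws_token_*` fields and the 15-minute lifetime are assumptions, and it uses a random token stored as a SHA-256 hash in place of the "encrypted key" the message mentions.

```php
<?php
// Added illustration; not Geeklog code. All names here are hypothetical.
// $users stands in for the user table; 'ws_token_hash' and 'ws_token_expires'
// play the role of the "new field" proposed in the message.

const WS_TOKEN_TTL = 900; // seconds a token stays valid (assumed value)

// "authenticate" verb: check the password, return a fresh random token.
function ws_authenticate(array &$users, string $name, string $password): ?string
{
    if (!isset($users[$name]) ||
        !password_verify($password, $users[$name]['pw_hash'])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));            // 256 bits from the CSPRNG
    // Store only a hash, so a leaked table does not yield usable tokens.
    $users[$name]['ws_token_hash']    = hash('sha256', $token);
    $users[$name]['ws_token_expires'] = time() + WS_TOKEN_TTL;
    return $token;
}

// Every later call presents the token; returns the user name or null.
function ws_check_token(array $users, string $token, ?int $now = null): ?string
{
    $now  = $now ?? time();
    $hash = hash('sha256', $token);
    foreach ($users as $name => $row) {
        if (isset($row['ws_token_hash']) &&
            hash_equals($row['ws_token_hash'], $hash) &&  // constant-time compare
            $row['ws_token_expires'] > $now) {
            return $name;
        }
    }
    return null;
}

// Constructed sample data and a short run; each line should report true.
$users = ['alice' => ['pw_hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];

$token = ws_authenticate($users, 'alice', 'correct horse');
var_dump(ws_authenticate($users, 'alice', 'wrong') === null);
var_dump(ws_check_token($users, $token) === 'alice');
var_dump(ws_check_token($users, str_repeat('0', 64)) === null);
var_dump(ws_check_token($users, $token, time() + WS_TOKEN_TTL + 1) === null);
```

Like the Basic Authentication credentials discussed in the quoted text, the token is a bearer credential, so it depends on the TLS transport named in the Atompub excerpt.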


