[rest-practices] Securing intermediaries/generic services
Bill Burke
bburke at redhat.com
Thu May 27 13:25:45 UTC 2010

On the JBoss side, I'm defining/creating some RESTful interfaces for our
Transaction Manager and HornetQ Messaging. One thing that needs to be
defined for this is the authentication mechanism for these
intermediary/generic services.

For example, the Messaging Service will want to push messages over HTTP
to a registered receiver. The TM would want to coordinate registered TX
participants. Basically, these intermediaries do work, on behalf of
another client.

How do you think Enterprise IT would want to authenticate this? Have a
centralized identity management server that all servers share and just
register usernames to run as with the generic intermediaries? A
lease-based protocol where temporary tokens are generated and exchanged?

We looked a little bit at OAuth, but it looks more and more like it
wasn't made for this kind of interaction.

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com