[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[rest-practices] Securing intermediaries/generic services



On JBoss side, I'm defining/creating some RESTful interfaces for our Transaction Manager and HornetQ Messaging. One thing that needs to be defined for this is the authentication mechanism for these intermediary/generic services.

For example, the Messaging Service will want to push messages over HTTP to a registered receiver. The TM would want to coordinate registered TX participants. Basically, these intermediaries do work, on behalf of another client.

How do you think Enterprise IT would want to authenticate this? Have a centralized identity management server that all servers share and just register usernames to run as with the generic intermediaries? A lease-based protocol where temporary tokens are generated and exchanged?

We looked a little bit at OAuth, but it looks more and more like it wasn't made for this kind of interaction.


--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]