[rest-practices] Securing intermediaries/generic services

Sergey Beryozkin sberyozk at redhat.com
Fri May 28 11:19:53 UTC 2010


Hi

I've posted a response to resteasy-dev [1] to facilitate some feedback there from Stef/others; here's a summary.
I believe there are two main cases.
One is when message subscribers/transaction participants 'own' their own servers. This case is the simplest one and I feel is quite likely to occur in practice. In this case an intermediary such as the Messaging Server (MS) does authenticate itself with the server indirectly, by creating a signature and thus showing knowledge of the shared secret generated during the subscriber's secure registration process. MS might also include some sort of enterprise-wide ID so that the server can properly authenticate it, but I reckon this would be a redundant piece of information given that the subscriber has trust in MS, by using HTTPS and by owning the server.

Another case is where the entities doing the subscriptions do not actually own the servers where MS will push messages to. This is a more complicated, kind of public internet (or very large enterprise) specific case which fits better into the OAuth picture.
Identity Management systems can definitely help here, so that subscribers can avoid providing name/password to MS and the server, and so that MS does not have to know how to authenticate with individual servers. Some opaque IDs such as OpenID/etc. can be used to get all involved authenticated and for MS to get OAuth tokens from the servers. Alternatively the subscribers can upload the public keys of the servers to MS and MS will just use HTTPS.

Both cases are doable, but I'd really like to focus initially on case 1 during the next weeks.

Comments are welcome.
Sergey
 

[1] http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimhMA9-TDAumm84qLk9yljil6UpymPPkxcHnUxs%40mail.gmail.com
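To make case 1 concrete, here is an added illustration (not code from the thread or from RESTEasy/HornetQ) of how a push intermediary can prove knowledge of the secret shared at registration: the receiver stores a per-subscriber secret, the intermediary signs each pushed message with an HMAC over the subscriber ID, a timestamp and the body, and the receiver recomputes and compares it in constant time. The header names, the registry dict and the five-minute skew window are assumptions for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed stand-in for the receiver's store of secrets created during
# each subscriber's secure (HTTPS) registration with the intermediary.
def register_subscriber(registry, subscriber_id):
    """Receiver side: mint a fresh shared secret and remember it by subscriber."""
    secret = secrets.token_bytes(32)
    registry[subscriber_id] = secret
    return secret  # handed to the intermediary over the registration channel

def canonical(subscriber_id, timestamp, body):
    """Bind the subscriber ID and timestamp to the body so neither can be swapped."""
    return b"\n".join([subscriber_id.encode(), str(timestamp).encode(), body])

def sign_push(secret, subscriber_id, body, timestamp=None):
    """Intermediary side: produce the headers that accompany a pushed message."""
    ts = int(timestamp if timestamp is not None else time.time())
    mac = hmac.new(secret, canonical(subscriber_id, ts, body), hashlib.sha256).hexdigest()
    return {"X-Subscriber-Id": subscriber_id, "X-Timestamp": str(ts), "X-Signature": mac}

def verify_push(registry, headers, body, now=None, max_skew=300):
    """Receiver side: accept only if the signature matches the secret of the
    named subscriber and the timestamp is within the replay window."""
    subscriber_id = headers.get("X-Subscriber-Id")
    secret = registry.get(subscriber_id)
    if secret is None:
        return False  # unknown subscriber: nothing to check against
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False
    if abs((now if now is not None else time.time()) - ts) > max_skew:
        return False  # stale or replayed message
    expected = hmac.new(secret, canonical(subscriber_id, ts, body), hashlib.sha256).hexdigest()
    # Constant-time comparison so the verifier does not leak the MAC byte by byte.
    return hmac.compare_digest(expected, headers.get("X-Signature", ""))
```

The signature shows knowledge of the registration secret without sending it, which is why an extra enterprise-wide ID adds nothing the receiver cannot already conclude.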

----- Original Message -----
From: "Bill Burke" <bburke at redhat.com>
To: rest-practices at redhat.com
Sent: Thursday, May 27, 2010 2:25:45 PM GMT +00:00 GMT Britain, Ireland, Portugal
Subject: [rest-practices] Securing intermediaries/generic services

On the JBoss side, I'm defining/creating some RESTful interfaces for our 
Transaction Manager and HornetQ Messaging.  One thing that needs to be 
defined for this is the authentication mechanism for these 
intermediary/generic services.

For example, the Messaging Service will want to push messages over HTTP 
to a registered receiver.  The TM would want to coordinate registered TX 
participants.  Basically, these intermediaries do work, on behalf of 
another client.

How do you think Enterprise IT would want to authenticate this?  Have a 
centralized identity management server that all servers share and just 
register usernames to run as with the generic intermediaries?  A 
lease-based protocol where temporary tokens are generated and exchanged?

We looked a little bit at OAuth, but it looks more and more like it 
wasn't made for this kind of interaction.


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
