What is the current standard for authenticating HTTP requests (REST, XML over HTTP)?

Posted by CodeToGlory on Stack Overflow
Published on 2010-04-06T14:41:45Z Indexed on 2010/04/06 14:43 UTC

The standard should solve authentication challenges like the following:

  * Replay attacks
  * Man in the Middle
  * Plaintext attacks
  * Dictionary attacks
  * Brute force attacks
  * Spoofing by counterfeit servers

I have already looked at Amazon Web Services and that is one possibility. More importantly, there seem to be two most common approaches:

  1. Use an apiKey, which is encoded in a similar fashion to AWS but is a POST parameter to a request.
  2. Use an HTTP AuthenticationHeader and use a signature similar to AWS.

The signature is typically obtained by signing a date stamp with an encrypted shared secret. This signature is therefore passed either as an apiKey or in the HTTP AuthenticationHeader.

I would like to weigh both options with input from the community, who may have used one or more, and would also like to explore other options that I am not considering. I would also use HTTPS to secure my services.

© Stack Overflow or respective owner
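
The signing scheme the question describes, as an added example that is not part of the original post or AWS's actual algorithm: an HMAC over the request plus a timestamp and nonce, carried in the HTTP Authorization header and checked server-side for tampering, staleness and replay. The `DEMO-HMAC` scheme name, the key and secret values, the canonical string layout and the 300-second window are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed demo values (assumptions, not from the original post).
SECRETS = {"demo-key": b"demo-shared-secret"}  # apiKey -> shared secret
MAX_SKEW = 300                                 # seconds a timestamp is accepted
_seen = {}                                     # (apiKey, nonce) -> timestamp


def canonical(method, path, body, timestamp, nonce):
    """String to sign: binds the MAC to this exact request and moment."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), nonce, body_hash]).encode()


def sign(api_key, secret, method, path, body, timestamp, nonce):
    """Client side: build the Authorization header value."""
    mac = hmac.new(secret, canonical(method, path, body, timestamp, nonce), hashlib.sha256)
    return f"DEMO-HMAC {api_key}:{timestamp}:{nonce}:{mac.hexdigest()}"


def verify(header, method, path, body, now=None):
    """Server side: return (ok, reason) for one incoming request."""
    now = int(time.time()) if now is None else now
    try:
        scheme, rest = header.split(" ", 1)
        api_key, ts, nonce, sig = rest.split(":")
        ts = int(ts)
    except ValueError:
        return False, "malformed"
    secret = SECRETS.get(api_key)
    if scheme != "DEMO-HMAC" or secret is None:
        return False, "unknown key"
    expected = hmac.new(secret, canonical(method, path, body, ts, nonce), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    if abs(now - ts) > MAX_SKEW:
        return False, "stale timestamp"
    # Forget nonces whose timestamps can no longer be accepted anyway.
    for key in [k for k, t in _seen.items() if now - t > MAX_SKEW]:
        del _seen[key]
    if (api_key, nonce) in _seen:
        return False, "replay"
    _seen[(api_key, nonce)] = ts
    return True, "ok"
```

The shared secret never crosses the wire, only the MAC does; confidentiality of the body and authentication of the server still depend on HTTPS.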
