What is the current standard for authenticating HTTP requests (REST, XML over HTTP)?
Posted by CodeToGlory on Stack Overflow
Published on 2010-04-06T14:41:45Z
rest | restful-authentication
The standard should solve authentication challenges such as:
- Replay attacks
- Man in the Middle
- Plaintext attacks
- Dictionary attacks
- Brute force attacks
- Spoofing by counterfeit servers
I have already looked at Amazon Web Services, and that is one possibility. More importantly, there seem to be two most common approaches:
- Use an apiKey which is encoded in a similar fashion to AWS but is a POST parameter to a request
- Use the HTTP AuthenticationHeader and use a signature similar to AWS.
The signature is typically obtained by signing a date stamp with an encrypted shared secret. This signature is therefore passed either as an apiKey or in the HTTP AuthenticationHeader.
I would like the community, who may have used one or more of these, to weigh both options, and I would also like to explore other options that I am not considering. I would also use HTTPS to secure my services.
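A sketch of the shared-secret signature approach the question describes, as an added example that is not code from the post and is not AWS's actual signing algorithm. It goes beyond signing only the date stamp: the HMAC also covers the method, path, a nonce and a body hash, so a captured signature cannot be reused on another request. The names `canonical`, `sign`, `Verifier`, `MAX_SKEW` and the `demo-key` secret are assumptions made for the illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW = 300  # seconds a signed timestamp stays acceptable (assumed policy)
SECRETS = {"demo-key": b"constructed-shared-secret"}  # constructed sample key store


def canonical(method, path, timestamp, nonce, body):
    """String both sides sign: binds the signature to this exact request."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), nonce, body_hash]).encode()


def sign(secret, method, path, timestamp, nonce, body=b""):
    """Client side: HMAC-SHA256 over the canonical string, hex encoded."""
    return hmac.new(secret, canonical(method, path, timestamp, nonce, body),
                    hashlib.sha256).hexdigest()


class Verifier:
    """Server side: checks key id, freshness, signature and nonce reuse."""

    def __init__(self, secrets, max_skew=MAX_SKEW):
        self.secrets = secrets
        self.max_skew = max_skew
        self.seen = {}  # (key_id, nonce) -> timestamp, kept for the skew window

    def verify(self, key_id, signature, method, path, timestamp, nonce,
               body=b"", now=None):
        now = time.time() if now is None else now
        secret = self.secrets.get(key_id)
        if secret is None:
            return "unknown key"
        if abs(now - timestamp) > self.max_skew:
            return "stale timestamp"
        expected = sign(secret, method, path, timestamp, nonce, body)
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad signature"
        # Drop nonces that have aged out, then reject a repeat inside the window.
        self.seen = {k: t for k, t in self.seen.items()
                     if now - t <= self.max_skew}
        if (key_id, nonce) in self.seen:
            return "replayed request"
        self.seen[(key_id, nonce)] = timestamp
        return "ok"
```

The signature gives request integrity and replay resistance only; confidentiality and server authentication still come from HTTPS, as the question already plans.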