Web services Authentication Jungle
Posted by redben on Stack Overflow
Published on 2010-05-18T10:31:22Z
Indexed on 2010/05/19 23:30 UTC
web-services | authentication
I have been doing some research lately about the best approaches to authenticating web service calls (REST, SOAP or whatever). But none of the approaches convinced me... But I still can't make a choice...
Some talk about SSL and HTTP basic authentication (login/password), which just seems weird for a machine (I mean having to assign a login/password to a machine, or is it not?).
Some others say API keys (it seems like this scheme is used more for tracking and not really for securing).
Some say tokens (like session IDs), but shouldn't we stay stateless (especially if in REST style)?
In my use case, when a remote app is calling one of our web services, I have to authenticate the calling application obviously, and the call must, if applicable, tell me which user it impersonates so I can deal with authorization later.
Any thoughts?
© Stack Overflow or respective owner