What is the current standard for authenticating Http requests (REST, Xml over Http)?

Posted by CodeToGlory on Stack Overflow See other posts from Stack Overflow or by CodeToGlory
Published on 2010-04-06T14:41:45Z Indexed on 2010/04/06 14:43 UTC
Read the original article Hit count: 220

Filed under:

rest

|

restful-authentication

The standard should solve the following Authentication challenges like-

Replay attacks Man in the Middle Plaintext attacks Dictionary attacks Brute force attacks Spoofing by counterfeit servers

I have already looked at Amazon Web Services and that is one possibility. More importantly there seems to be two most common approaches:

Use apiKey which is encoded in a similar fashion like AWS but is a post parameter to a request
Use Http AuthenticationHeader and use a similar signature like AWS.

Signature is typically obtained by signing a date stamp with an encrypted shared secret. This signature is therefore passed either as an apiKey or in the Http AuthenticationHeader.

I would like to know weigh both the options from the community, who may have used one or more and would also like to explore other options that I am not considering. I would also use HTTPS to secure my services.

© Stack Overflow or respective owner

Related posts about rest

REST: How to store and reuse REST call queries

as seen on Programmers - Search for 'Programmers'
I'm learning C# by programming a real monstrosity of an application for personal use. Part of my application uses several SPARQL queries like so: const string ArtistByRdfsLabel = @" PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#> SELECT… >>> More
REST Framework - MS Web Api vs the rest of the field

as seen on Programmers - Search for 'Programmers'
I am a .NET developer who is looking into the OSS world for a REST framework similar to Microsoft's Web Api. I'll be starting a personal project soon and need to develop both a web site and an API with the API coming first. I've ruled out Ruby on Rails just because I feel that with my background… >>> More
Self Hosted WCF REST Service or Hosting WCF REST Service in Console Application

as seen on C# Corner - Search for 'C# Corner'
n this article, I will show you How to create a REST based service, How to host a REST,based service in Console application and How to consume a REST Service at client. >>> More
Trouble determining proper decoding of a REST response from an ArcGIS REST service using IHttpModule

as seen on Stack Overflow - Search for 'Stack Overflow'
First a little background on what I am trying to achieve. I have an application that is utilizing REST services served by ArcGIS Server and IIS7. The REST services return data in one of several different formats. I am requesting a JSON response. I want to be able to modify the response (remove… >>> More
WCF REST on .Net 4.0

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
A simple and straight forward article taken from: http://christopherdeweese.com/blog2/post/drop-the-soap-wcf-rest-and-pretty-uris-in-net-4 Drop the Soap: WCF, REST, and Pretty URIs in .NET 4 Years ago I was working in libraries when the Web 2.0 revolution began. One of the things that caught… >>> More

Related posts about restful-authentication

Restful authentication between two GAE apps.

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello everyone, i am trying to write a restful google app engine application (python) that accepts requests only from another GAE that i wrote. I dont like any of the ways that i thought of to get this done, please advice if you know of something better than: Get SSL setup, and simply add the credentials… >>> More
Installing RESTful Authentication on netbeans

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I am using Netbeans 6.8 on ubuntu 10.04 and am having trouble installing RESTful Authentication. I have gone to Install Generators, selected restful_authentication and installed it - all messages from Gem show that it has installed and it shows under the Installed tab. However, when I come to… >>> More
Is this a secure solution for RESTful authentication?

as seen on Programmers - Search for 'Programmers'
I need to quickly implement a RESTful authentication system for my JavaScript application to use. I think I understand how it should work, but I just want to double check. Here's what I'm thinking -- what do you guys think? Database schema users id : integer first_name : varchar(50) last_name… >>> More
Transition from restful authentication to authlogic in not working in rails

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm using restful authentication in rails. Now I just want to change it to Authlogic. I used acts_as_authentic do |c| c.transition_from_restful_authentication = true end and changed the password and salt field to 128 characters.But, if I create a new user crypted password length is 40… >>> More
Rails: restful authentication setup help

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I downloaded the plugin from http://github.com/techweenie/restful-authentication.git Then I run rails generate plugin authenticated user session This is the result I got: create vendor/plugins/authenticated create vendor/plugins/authenticated/MIT-LICENSE create vendor/plugins/authenticated/README … >>> More