Provide an alternative to oAuth for securing REST APIs
------------------------------------------------------
Key: AMDATU-230
URL: http://jira.amdatu.org/jira/browse/AMDATU-230
Project: Amdatu
Issue Type: Task
Components: Amdatu Core
Affects Versions: 0.1.0
Reporter: Ivo Ladage - van Doorn
Most REST APIs can be secured using oAuth Signed Requests, 2-legged or 3-legged
oAuth. However, some services are that 'core' that they cannot or should not be
secured with oAuth. The best example of such an APIs is the Consumer registry.
If the REST API of this service was protected using oAuth Signed Requests, new
consumers could only be added AFTER they have already been added. Huh? Exactly,
that won't work.
One could think of a security mechanism using amdatu node certificates or
checking IP addresses to authenticate where a request is coming from.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
