Hi, I am writing a RESTful service that will be called by a PHP client using cURL. I am trying to determine the best way to handle authentication. I don't think that basic HTTP authentication will work with a RESTful service. As far as I understand it, a RESTful service cannot support WS-Security. The data model used by the data access layer for the service has a user table with a username and password. I would like to make sure that all requests being made to the service are from users in this table and that the user credentials have been validated. A simple approach I have thought of is to simply make the client pass a username and password with each request.

Can anyone recommend an authentication strategy that works well for a RESTful service?

Sincerely, dustfinger.
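A server-side check for the approach described in the question (credentials sent with every request and verified against the user table), written here as an added example and not part of the original post. It assumes the credentials arrive in an HTTP `Authorization: Basic` header over TLS and that the table stores salted PBKDF2 hashes instead of plaintext passwords; the table layout, function names and iteration count are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user_table(users):
    """Constructed stand-in for the service's user table (salted hashes, no plaintext)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for name, password in users.items():
        salt = os.urandom(16)
        db.execute("INSERT INTO user VALUES (?, ?, ?)", (name, salt, hash_password(password, salt)))
    return db

# Hashed for unknown usernames so they cost the same time as known ones.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("unused", _DUMMY_SALT)

def parse_basic(header):
    """Return (username, password) from an Authorization header, or None if malformed."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")  # password may itself contain ':'
    return (username, password) if sep else None

def authenticate(db, header):
    """Return the username for a valid request, else None (caller answers 401)."""
    creds = parse_basic(header)
    if creds is None:
        return None
    username, password = creds
    row = db.execute("SELECT salt, pw_hash FROM user WHERE username = ?", (username,)).fetchone()
    salt, stored = row if row else (_DUMMY_SALT, _DUMMY_HASH)
    ok = hmac.compare_digest(hash_password(password, salt), stored)  # constant-time compare
    return username if (ok and row) else None
```

Because the password travels with every request, the transport has to be HTTPS, and the service should call `authenticate` before any handler touches the data access layer.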
