Look at this article which shows an even worse example by SUN:) http://developers.sun.com/identity/reference/techart/id-svcs.html
To my mind: /authentication could be a resource /authentication/logout is not resource but an action... Something like /authentication with something like a "state=logout" in parameters or body would be better... REST would require this to be a POST and not a GET because it means you change the resource... But it would mean you can't logout without sending a POST request which is not practical to my mind... So, the question is: can we find a way to make logout look like it doesn't change the authentication resource?... hummmm OK, it's stupid because I'm just trying to make the problem fit the REST architecture. This is certainly not a solution, just a misuse of the architecture... >From my point of view, REST is an architecture model which doesn't fit for anything... Sometimes, you can't fulfill all its requirements and you have to accept some steps aside the theory... so something like "GET /authorization?state=logout" might not be exactly RESTful but it is acceptable for my intellect ;) regards Pascal On Sun, Dec 21, 2008 at 10:29 PM, Fabio Mancinelli < [email protected]> wrote: > Vincent Massol wrote: > > I have no idea about implementation. All I was saying is that IMO we > > should offer a REST API that works when not authenticated (in that > > case the user is considered Guest). > > > > Maybe there was a misunderstanding. I agree with you. > I just didn't agree with the way Nexus does it. > > Anyway I committed a tentative implementation of the behavior you were > suggesting in the sandbox. > > -Fabio > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs > _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
