Re: Restful Login/Identifier

2007-10-02 Thread Rob Heittman
I concur with Mitch, RESTful authentication is done per request -- there are lots of good ways to do it; if each request contains sufficient information to be independently authenticated and acted upon by the server, it's RESTful. It sounds from your description that you might be building

Re: Restful Login/Identifier

2007-10-02 Thread Peter Lacey
I have only just started musing over the very same idea. In my thinking the URLs would be much more readable. The core user resource would be something like http://example.com/users/{uname}. To use this for authentication purposes, an application would receive credentials from the user,

Re: Restful Login/Identifier

2007-10-02 Thread Rob Heittman
No, SSL operates at the transport layer. It is not sniffable in transit. One highly undesirable feature, though, is that it will be recorded in logfiles, which are generally not treated with care. - Original Message - From: Mitch Stewart [EMAIL PROTECTED] To:

Re: Restful Login/Identifier

2007-10-02 Thread Peter Lacey
Well, I told you I only just started noodling. You're absolutely right of course. Another solution that comes to mind is to mimic LDAP. In this case, the authenticating application actually binds to the user resource as the authenticating user using Basic/SSL. This keeps the user's

Re: Restful Login/Identifier

2007-10-02 Thread Peter Lacey
Googling... Googling... Rob's right. The URL will not be visible if SSL is in use. His latter point is valid though. So my second suggestion is currently feeling better. Pete Rob Heittman wrote: No, SSL operates at the transport layer. It is not sniffable in transit. One highly

Re: Restful Login/Identifier

2007-10-02 Thread Mitch Stewart
Thanks Rob for the clarification, it seems the URL/query parameters are encrypted before any data is sent. Mitch -Original Message- From: Peter Lacey [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 02, 2007 3:13 PM To: discuss@restlet.tigris.org Subject: Re: Restful