Re: Restful Login/Identifier

I think you might be missing the point of JC's original request. It's not that he wants to provide some new means of authenticating to a service, he wants to provide a RESTful means of having the service validate the credentials. At least that's how I read it. In other words, a client can

Re: Restful Login/Identifier

Peter Lacey wrote: he wants to provide a RESTful means of having the service validate the credentials. At least that's how I read it. Right, I understand that. What I'm saying is that I don't think there's a use case for validating credentials when all that's really needed is for a

Re: Restful Login/Identifier

I think we're having some nomenclature issues. See inline for more. Adam Taft wrote: Peter Lacey wrote: he wants to provide a RESTful means of having the service validate the credentials. At least that's how I read it. Right, I understand that. What I'm saying is that I don't think

Re: Restful Login/Identifier

Adam Taft wrote: Peter Lacey wrote: In that I agree. But in my scenario the client of the authenticate service is the resource being accessed, not the client requesting the resource. Visually: CLIENT -- uname/pwd --- RESOURCE -- uname/pwd --- AUTHENTICATE SERVICE Right,

Re: Restful Login/Identifier

Peter Lacey wrote: In that I agree. But in my scenario the client of the authenticate service is the resource being accessed, not the client requesting the resource. Visually: CLIENT -- uname/pwd --- RESOURCE -- uname/pwd --- AUTHENTICATE SERVICE Right, gotcha. The

Re: Restful Login/Identifier

JC wrote: I am trying to develop a Restful login system. I have never found a form or url based authentication system that felt anywhere near as good (or even as RESTful) as using Basic Authentication over SSL. First of all, I believe people need to get over this concept of logging in.

Re: Restful Login/Identifier

Heh, good point Adam. I'm definitely going to start telling my clients they just need to get over this whole silly logging in thing... ;-) On 10/3/07, Adam Taft [EMAIL PROTECTED] wrote: JC wrote: I am trying to develop a Restful login system. I have never found a form or url based

Re: Restful Login/Identifier

I know you're teasing, so I won't be long... but just to be clear, when I say people should get over this concept of logging in, I mean us developers, not the end users. The user agent, of course, still prompts the user for credentials when it's appropriate to do so. The login process, as

Re: Restful Login/Identifier

Adam Taft wrote: The user agent, of course, still prompts the user for credentials when it's appropriate to do so. The login process, as the end user perceives it, still happens. It's just all about thinking in stateless RESTful terms, which is it seems hard for some (many? most??) web

Re: Restful Login/Identifier

- Original Message - From: Mitch Stewart [EMAIL PROTECTED] To: discuss@restlet.tigris.org Sent: Tuesday, October 2, 2007 2:30:43 PM (GMT-0500) America/New_York Subject: RE: Restful Login/Identifier JC, We do a combination of Basic Authentication and AWS Authentication (both available

Re: Restful Login/Identifier

I have only just started mussing over the very same idea. In my thinking the URLs would be much more readable. The core user resource would be something like http://example.com/users/{uname} To use this for authentication purposes, an application would receive credentials from the user,

Re: Restful Login/Identifier

@restlet.tigris.org Sent: Tuesday, October 2, 2007 3:02:49 PM (GMT-0500) America/New_York Subject: RE: Re: Restful Login/Identifier If you place the password inside the URL as a parameter, won't that be sniffable because the URL contents are not encrypted via SSL, only the payload of the request? I think

Re: Restful Login/Identifier

@restlet.tigris.org Subject: Re: Restful Login/Identifier I have only just started mussing over the very same idea. In my thinking the URLs would be much more readable. The core user resource would be something like http://example.com/users/{uname} To use this for authentication purposes

Re: Restful Login/Identifier

a URL. Mitch -Original Message- From: Peter Lacey [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 02, 2007 2:55 PM To: discuss@restlet.tigris.org Subject: Re: Restful Login/Identifier I have only just started mussing over the very same idea. In my thinking the URLs would be much

Re: Restful Login/Identifier

/New_York Subject: RE: Re: Restful Login/Identifier If you place the password inside the URL as a parameter, won't that be sniffable because the URL contents are not encrypted via SSL, only the payload of the request? I think that's why Basic Authentication sends the data inside