I think you might be missing the point of JC's original request. It's
not that he wants to provide some new means of authenticating to a
service, he wants to provide a RESTful means of having the service
validate the credentials. At least that's how I read it.
In other words, a client can
Peter Lacey wrote:
he wants to provide a RESTful means of having the service
validate the credentials. At least that's how I read it.
Right, I understand that. What I'm saying is that I don't think there's
a use case for validating credentials when all that's really needed
is for a
I think we're having some nomenclature issues. See inline for more.
Adam Taft wrote:
Peter Lacey wrote:
he wants to provide a RESTful means of having the service validate
the credentials. At least that's how I read it.
Right, I understand that. What I'm saying is that I don't think
Adam Taft wrote:
Peter Lacey wrote:
In that I agree. But in my scenario the client of the authenticate
service is the resource being accessed, not the client requesting
the resource. Visually:
CLIENT -- uname/pwd --- RESOURCE -- uname/pwd ---
AUTHENTICATE SERVICE
Right,
Peter Lacey wrote:
In that I agree. But in my scenario the client of the authenticate
service is the resource being accessed, not the client requesting the
resource. Visually:
CLIENT -- uname/pwd --- RESOURCE -- uname/pwd ---
AUTHENTICATE SERVICE
Right, gotcha. The
JC wrote:
I am trying to develop a Restful login system.
I have never found a form or url based authentication system that felt
anywhere near as good (or even as RESTful) as using Basic Authentication
over SSL.
First of all, I believe people need to get over this concept of logging
in.
Heh, good point Adam. I'm definitely going to start telling my clients they
just need to get over this whole silly logging in thing...
;-)
On 10/3/07, Adam Taft [EMAIL PROTECTED] wrote:
JC wrote:
I am trying to develop a Restful login system.
I have never found a form or url based
I know you're teasing, so I won't be long... but just to be clear, when
I say people should get over this concept of logging in, I mean us
developers, not the end users.
The user agent, of course, still prompts the user for credentials when
it's appropriate to do so. The login process, as
Adam Taft wrote:
The user agent, of course, still prompts the user for credentials when
it's appropriate to do so. The login process, as the end user perceives
it, still happens. It's just all about thinking in stateless RESTful
terms, which it seems is hard for some (many? most??) web
- Original Message -
From: Mitch Stewart [EMAIL PROTECTED]
To: discuss@restlet.tigris.org
Sent: Tuesday, October 2, 2007 2:30:43 PM (GMT-0500) America/New_York
Subject: RE: Restful Login/Identifier
JC,
We do a combination of Basic Authentication and AWS Authentication (both
available
I have only just started musing over the very same idea. In my
thinking the URLs would be much more readable. The core user resource
would be something like http://example.com/users/{uname} To use this
for authentication purposes, an application would receive credentials
from the user,
@restlet.tigris.org
Sent: Tuesday, October 2, 2007 3:02:49 PM (GMT-0500) America/New_York
Subject: RE: Re: Restful Login/Identifier
If you place the password inside the URL as a parameter, won't that be
sniffable because the URL contents are not encrypted via SSL, only the
payload of the request? I think
@restlet.tigris.org
Subject: Re: Restful Login/Identifier
I have only just started musing over the very same idea. In
my thinking the URLs would be much more readable. The core
user resource would be something like
http://example.com/users/{uname} To use this for
authentication purposes
a
URL.
Mitch
-Original Message-
From: Peter Lacey [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 02, 2007 2:55 PM
To: discuss@restlet.tigris.org
Subject: Re: Restful Login/Identifier
I have only just started musing over the very same idea. In
my thinking the URLs would be much
/New_York
Subject: RE: Re: Restful Login/Identifier
If you place the password inside the URL as a parameter,
won't that be
sniffable because the URL contents are not encrypted via
SSL, only
the payload of the request? I think that's why Basic Authentication
sends the data inside