[FoRK] overhead of RESTful stuff

Gregory Alan Bolcer greg at bolcer.org
Thu Mar 8 10:03:58 PST 2012


Yeah, well.  I think no REST service should be used without mutual 
authentication and dynamic client certificate allocation and selection 
(as the token), but I'm in a minority of two.

http://tinyurl.com/mutualauthaccess

Greg

On 3/8/2012 9:51 AM, Lucas Gonze wrote:
> I got a lot of pushback recently on OAUTH for API purposes. Problem #1
> is that it relies on a request header, which isn't possible when
> you're grabbing JSONP by inserting a<script>  element, which will be
> necessary until CORS reach is complete. Problem #2 is that it's more
> complex to code than the alternatives.
>
> Developers I talked to strongly preferred getting a token which you
> then include in future requests as a parameter. This is highly
> un-RESTful, but developers see that argument as frippery for ponces.
>


More information about the FoRK mailing list