[FoRK] overhead of RESTful stuff
Gregory Alan Bolcer
greg at bolcer.org
Thu Mar 8 10:03:58 PST 2012
Yeah, well. I think no REST service should be used without mutual
authentication and dynamic client certificate allocation and selection
(as the token), but I'm in a minority of two.
On 3/8/2012 9:51 AM, Lucas Gonze wrote:
> I got a lot of pushback recently on OAUTH for API purposes. Problem #1
> is that it relies on a request header, which isn't possible when
> you're grabbing JSONP by inserting a<script> element, which will be
> necessary until CORS reach is complete. Problem #2 is that it's more
> complex to code than the alternatives.
> Developers I talked to strongly preferred getting a token which you
> then include in future requests as a parameter. This is highly
> un-RESTful, but developers see that argument as frippery for ponces.
More information about the FoRK