[FoRK] overhead of RESTful stuff

Eugen Leitl eugen at leitl.org
Fri Mar 9 01:11:21 PST 2012


On Thu, Mar 08, 2012 at 10:03:58AM -0800, Gregory Alan Bolcer wrote:
> Yeah, well.  I think no REST service should be used without mutual  
> authentication and dynamic client certificate allocation and selection  
> (as the token), but I'm in a minority of two.

Not appropriate in our case. Think of it as integrating heterogenous
systems via web services, mostly over LAN, some over WAN (then firewalled/VPN).

> http://tinyurl.com/mutualauthaccess
>
> Greg
>
> On 3/8/2012 9:51 AM, Lucas Gonze wrote:
>> I got a lot of pushback recently on OAUTH for API purposes. Problem #1
>> is that it relies on a request header, which isn't possible when
>> you're grabbing JSONP by inserting a<script>  element, which will be
>> necessary until CORS reach is complete. Problem #2 is that it's more
>> complex to code than the alternatives.
>>
>> Developers I talked to strongly preferred getting a token which you
>> then include in future requests as a parameter. This is highly
>> un-RESTful, but developers see that argument as frippery for ponces.
>>
> _______________________________________________
> FoRK mailing list
> http://xent.com/mailman/listinfo/fork
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


More information about the FoRK mailing list