[FoRK] overhead of RESTful stuff
eugen at leitl.org
Fri Mar 9 01:11:21 PST 2012
On Thu, Mar 08, 2012 at 10:03:58AM -0800, Gregory Alan Bolcer wrote:
> Yeah, well. I think no REST service should be used without mutual
> authentication and dynamic client certificate allocation and selection
> (as the token), but I'm in a minority of two.
Not appropriate in our case. Think of it as integrating heterogenous
systems via web services, mostly over LAN, some over WAN (then firewalled/VPN).
> On 3/8/2012 9:51 AM, Lucas Gonze wrote:
>> I got a lot of pushback recently on OAUTH for API purposes. Problem #1
>> is that it relies on a request header, which isn't possible when
>> you're grabbing JSONP by inserting a<script> element, which will be
>> necessary until CORS reach is complete. Problem #2 is that it's more
>> complex to code than the alternatives.
>> Developers I talked to strongly preferred getting a token which you
>> then include in future requests as a parameter. This is highly
>> un-RESTful, but developers see that argument as frippery for ponces.
> FoRK mailing list
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the FoRK