3661 Re: [rest-discuss] Why do I care about visibility?
- May 5, 2003
> I am wondering how much thought you have put into application
> security and how it fits in with REST.

Bunches.

> Do you have a model for how
> application security should be done? Has there been an exploration
> of how application security affects other REST guidelines? It
> seems like supporting access control has ramifications for many
> parts of REST, the most well-known effect being the interplay of
> HTTP Auth and caching. It seems that if not done carefully,
> access control could negate many of the benefits of REST. What are
> your thoughts?

Even if it is done carefully, access control does negate some goals
of REST (shared caching in particular). However, it doesn't negate
the benefits of the model: a given security model can be analyzed
to see how it affects applications that are attempting to communicate
using the REST model, and then improved based on those observations.
Likewise, security models can learn from the lessons of REST in order
to improve their efficiency.

I think it is very important to note that the REST model is not ideal
for all applications, and that various aspects of security (access
control, authentication, authorization, accounting, and privacy of
communication) will place requirements on the architecture that need
to be addressed in the interaction model.

Most sites address this issue by separating secure services from the
services that need higher scalability. This is hampered somewhat by
the goofy way that WWW browsers warn about "secure" sites containing
"insecure" embedded content. Likewise, just about every variation on
securing web sites is damaged in one way or another by browser

I should note that the big conflict between REST and security models
is the fact that REST does not allow for sessions. What needs to be
understood is that sessions are bad for security models too -- they
cause most of the denial-of-service and man-in-the-middle attacks
to be possible. What is needed is an efficient, session-free means
of authenticating that is more secure than username/password, which
is actually an easy problem to solve if you don't try to solve all
of the security problems at once. What is blocking that is the need
to negotiate security mechanisms before engaging in secure
communication, which is currently done within a session.
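
As an illustration of what authenticating without a session can look like (an added example, not part of the original post and not a scheme its author proposed): each request carries an HMAC over its own method, path, timestamp and body, so the server decides from the request plus a key lookup. The key store, key id, field names and the 300-second window are assumptions made for the example.

```python
import hashlib
import hmac
import time

# Constructed demo key store: key id -> shared secret (assumption, not from the post).
KEYS = {"client-1": b"constructed-demo-secret"}
MAX_SKEW = 300  # seconds a signed request stays acceptable (assumed value)


def _canonical(method, path, body, ts):
    # Bind the signature to everything that gives the request its meaning.
    body_hash = hashlib.sha256(body).hexdigest()
    return f"{method.upper()}\n{path}\n{ts}\n{body_hash}".encode()


def sign_request(key_id, secret, method, path, body, now=None):
    """Client side: returns the credential fields sent with this one request."""
    ts = int(time.time() if now is None else now)
    mac = hmac.new(secret, _canonical(method, path, body, ts), hashlib.sha256)
    return {"key_id": key_id, "ts": ts, "sig": mac.hexdigest()}


def verify_request(auth, method, path, body, now=None):
    """Server side: decides from the request alone; no session table is consulted."""
    secret = KEYS.get(auth.get("key_id"))
    if secret is None:
        return False
    now = time.time() if now is None else now
    try:
        ts = int(auth["ts"])
    except (KeyError, TypeError, ValueError):
        return False
    if abs(now - ts) > MAX_SKEW:
        return False  # stale or far-future timestamp
    expected = hmac.new(secret, _canonical(method, path, body, ts),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, str(auth.get("sig", "")))
```

A captured request replayed inside the window still verifies, because rejecting it would require the server to remember what it has already seen; the timestamp only bounds how long that exposure lasts.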