Loading ...
Sorry, an error occurred while loading the content.

Re: [rest-discuss] API Keys

Expand Messages
  • Nicholas Shanks
    ... And here s another: http://tools.ietf.org/html/draft-shanks-http-form-authentication-00 My first I-D, posted this week. :) — Nicholas. On 29 Nov 2012, at
    Message 1 of 7 , Nov 29, 2012
    • 0 Attachment
      On 29 Nov 2012, at 12:55, Cíat Ó Gáibhtheacháin <k@...> wrote:

      you'd end up with something similar to
      Digest auth, so you might want to consider just using that unless you
      can come up with something provably superior. Here's an example of an
      alternative auth method:

         http://www.xml.com/pub/a/2003/12/17/dive.html

      And here's another:
      http://tools.ietf.org/html/draft-shanks-http-form-authentication-00
      My first I-D, posted this week. :)

      — Nicholas.
    • Peter Williams
      ... +1, HTTP auth is a tragically underused part of the standard. Peter barelyenough.org
      Message 2 of 7 , Nov 29, 2012
      • 0 Attachment
        On Thu, Nov 29, 2012 at 5:55 AM, Cíat Ó Gáibhtheacháin <k@...> wrote:
        > You'd be better off proposing an alternative HTTP auth method, if
        > anything, where the client sends something like this (assuming the API
        > key is a UUID):
        >
        > Authorization: Key b67570be-3a22-11e2-8ca6-0015c55d83ee

        +1, HTTP auth is a tragically underused part of the standard.

        Peter
        barelyenough.org
      Your message has been successfully submitted and would be delivered to recipients shortly.