Re: [rest-discuss] Security
- Hi Mohan,
On 21.04.2013, at 04:08, Mohan Radhakrishnan <radhakrishnan.mohan@...> wrote:
> What are the recommendations for securing REST calls ?
I recommend OAuth1 2-legged for now and I recommend watching Oz which, among other things, solves the scalability issues of OAuth1.
> I searched and found http://answers.oreilly.com/topic/2180-rest-in-practice-http-security-essentials/
> So what I understand is that when people say that REST does not have security they are probably thinking of WS-Security. I am not contrasting SOAP with REST here but just trying to get various ideas for REST HTTP protocol security. I understand HTTPS is separate.