[OTDev] Authentication and authorisation for OpenTox REST services
Nina Jeliazkova nina at acad.bgWed Sep 30 10:51:04 CEST 2009
- Previous message: [OTDev] Authentication and authorisation for OpenTox REST services
- Next message: [OTDev] Authentication and authorisation for OpenTox REST services
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Andreas, Andreas Maunz wrote: > Hi Nina and all, > > Nina Jeliazkova wrote: > >> Current status : >> >> * Own (minimal) implementation of AA for some services (NTUA, IDEA >> –HTTP Basic for dataset POST, others?) >> > All: correct me if I am wrong, but I guess there is virtually no AA > implemented in any individual partner service. > Correct, there are attempts to protect some resources from spammers/incident writing by HTTP Basic, but that should not be considered anywhere near AA. > >> Options: >> >> * Centralized service providing Identity >> * Federated AA >> > I am in favor of a centralized service: > - could be a service (later also paid service) that we offer to the > community. > - will be easy to maintain by a single party (Accounts are most often > created only once and then just used). > > >> Technologies to consider (the list is not complete!) : >> * HTTP Basic + SSL >> * HTTP Digest >> * OpenID >> * OpenAuth >> * Google OAuth & Federated Login >> http://sites.google.com/site/oauthgoog >> <http://sites.google.com/site/oauthgoog/Overlap> >> * FOAF + SSL (pretty new) http://esw.w3.org/topic/foaf+ssl >> * SAML >> > Personally I would give FOAF + SSL a try, due to its integration with REST. > Do you have any experience on FOAF+SSL in this context and what is the support by the different platforms, used by partners? Regards, Nina > Greetings > Andreas > >
- Previous message: [OTDev] Authentication and authorisation for OpenTox REST services
- Next message: [OTDev] Authentication and authorisation for OpenTox REST services
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list