Security for REST web services

Mark O'Neill summarizes a talk he gave at the recent RSA conference on security for REST web services. He talks about "true" REST vs. how it is typically used:

... when people talk about a "REST style" Web Service, they usually mean a Web Service that presents a HTTP GET interface. This is very different from the original intent of REST, where GETs are only supposed to be used for fetching information, not for changing server state.

He then makes the point that security is easier to implement when only POSTs are used for changing server state.
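As an added illustration (not code from Mark's talk or slides), here is a small WSGI application in which GET handlers only read and the single state change is POST-only, so one check on non-safe methods covers every state change. The routes, the token, the in-memory `orders` store and the `call` helper are assumptions made for this example.

```python
import hmac
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults

SAFE_METHODS = {"GET", "HEAD"}          # handlers for these must never change state
API_TOKEN = "constructed-demo-token"    # constructed credential for this example
orders = {"1001": "open"}               # constructed in-memory server state

def read_order(order_id):
    return orders.get(order_id)

def cancel_order(order_id):
    if order_id in orders:
        orders[order_id] = "cancelled"
    return orders.get(order_id)

# Each resource lists the only methods it accepts; the state change is POST-only.
ROUTES = {"/orders": {"GET": read_order}, "/orders/cancel": {"POST": cancel_order}}

def app(environ, start_response):
    def reply(status, text, extra=()):
        start_response(status, [("Content-Type", "text/plain"), *extra])
        return [text.encode()]

    method = environ["REQUEST_METHOD"]
    handlers = ROUTES.get(environ.get("PATH_INFO", ""))
    if handlers is None:
        return reply("404 Not Found", "no such resource")
    if method not in handlers:
        # e.g. GET /orders/cancel?id=1001: refused before any handler runs
        return reply("405 Method Not Allowed", "method not allowed",
                     [("Allow", ", ".join(handlers))])
    if method not in SAFE_METHODS:
        # Single gate: every state-changing request must carry the credential.
        supplied = environ.get("HTTP_AUTHORIZATION", "")
        if not hmac.compare_digest(supplied.encode(), f"Bearer {API_TOKEN}".encode()):
            return reply("401 Unauthorized", "credential required")
    order_id = parse_qs(environ.get("QUERY_STRING", "")).get("id", [""])[0]
    result = handlers[method](order_id)
    return reply("200 OK", result) if result else reply("404 Not Found", "unknown order")

def call(method, path, query="", token=None):
    """Drive the app in-process (no sockets); returns (status line, body text)."""
    environ, seen = {}, {}
    setup_testing_defaults(environ)
    environ.update(REQUEST_METHOD=method, PATH_INFO=path, QUERY_STRING=query)
    if token:
        environ["HTTP_AUTHORIZATION"] = f"Bearer {token}"
    body = app(environ, lambda status, headers: seen.update(status=status))
    return seen["status"], b"".join(body).decode()
```

The gate on non-safe methods is only sound while no GET handler mutates state, which is the discipline the quoted passage describes.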

The full set of slides from his talk (linked to from Mark's post) is worth a look.
