[osee-dev] OSEE Security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[osee-dev] OSEE Security

From: "Brooks, Ryan D" <ryan.d.brooks@xxxxxxxxxx>
Date: Tue, 25 Jun 2013 05:52:04 +0000
Accept-language: en-US
Delivered-to: osee-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/osee-dev>
List-help: <mailto:osee-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/osee-dev>, <mailto:osee-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/osee-dev>, <mailto:osee-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: Ac5xaB4w1vCdHQgDTuSASP2NLKvkQw==
Thread-topic: OSEE Security

I think we can simplify the OSEE security model if we require all incoming requests to come through the REST API. This means that we could use a single security protocol that would be applied to all REST calls. (This would in no way limit server-side to server-side calls to using the REST API). One change this would require is to the server-side console interface (however this could be safely done later).

I found the following link to be a helpful guide to securing a REST API: http://www.stormpath.com/blog/secure-your-rest-api-right-way

This link provides some specifics about using OAuth Core 1.0 Revision A: https://wikis.oracle.com/display/Jersey/OAuth

Thanks,

Ryan

Prev by Date: [osee-dev] Two questions on OSEE
Next by Date: [osee-dev] OSEE Tips and Tricks
Previous by thread: [osee-dev] Two questions on OSEE
Next by thread: [osee-dev] OSEE Tips and Tricks
Index(es):
- Date
- Thread

Breadcrumbs