Phpster wrote:
> I am interested in how you are handling security in this process. How
> are you managing sessions with the restful interface? This is the one
> thing that really interests me with the whole restful approach.

one doesn't do sessions with rest :)

http://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm

95% of the time the URIs don't need any security or "session" type
stuff as it's all public data (think about it, if it's on a page, it's
naturally public)

with regard to security; personally I use client side ssl certificates and
call through https (and further foaf+ssl) however any old
basic/digest/whatever authentication will do.

the major point of rest is to expose everything needed via GET on URIs,
(hypermedia as the engine of application state); URIs are not GETable at
a later date if they require session data. Hence why you pass or prompt
for any needed credentials; and further abstract the security into the
transport layer (or tunnel, in the case of https).

regards!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
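
The per-request authentication described in the message above, sketched in PHP as an added example that is not part of the original post: each request is authenticated from its own credentials (a verified client certificate or HTTP Basic over HTTPS) and no session is ever started. It assumes Apache mod_ssl with `SSLOptions +StdEnvVars` so the `SSL_CLIENT_*` variables are present; the function names, the user `alice` and the sample requests are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed credential store (user => password_hash() output); values are made up.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

// Resolve the caller from the request alone: no session_start(), no cookie.
// Returns the principal, or null when the request carries no valid credentials.
function authenticate(array $server, array $users): ?string
{
    // Credentials are only accepted inside the TLS tunnel.
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https === '' || $https === 'off') {
        return null;
    }
    // Client certificate: set by mod_ssl once the chain has been verified.
    if (($server['SSL_CLIENT_VERIFY'] ?? '') === 'SUCCESS' && !empty($server['SSL_CLIENT_S_DN'])) {
        return $server['SSL_CLIENT_S_DN'];
    }
    // HTTP Basic: PHP exposes the decoded header as PHP_AUTH_USER / PHP_AUTH_PW.
    static $dummy = null;
    $dummy ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    $user = (string)($server['PHP_AUTH_USER'] ?? '');
    $pass = (string)($server['PHP_AUTH_PW'] ?? '');
    // Always run password_verify so unknown users cost the same time as known ones.
    $ok = password_verify($pass, $users[$user] ?? $dummy);
    return ($ok && isset($users[$user])) ? $user : null;
}

// Hypothetical handler: returns [status, headers, body] instead of emitting them.
function handle(array $server, array $users): array
{
    $who = authenticate($server, $users);
    if ($who === null) {
        return [401, ['WWW-Authenticate' => 'Basic realm="api"'], ''];
    }
    return [200, ['Content-Type' => 'application/json'], json_encode(['principal' => $who])];
}

// Constructed requests, shaped like $_SERVER, so the file runs under the PHP CLI.
$requests = [
    'no credentials'   => ['HTTPS' => 'on'],
    'basic over http'  => ['PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 'correct horse'],
    'basic over https' => ['HTTPS' => 'on', 'PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 'correct horse'],
    'client cert'      => ['HTTPS' => 'on', 'SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_S_DN' => 'CN=alice,O=Example'],
];
foreach ($requests as $label => $server) {
    [$status] = handle($server, $users);
    echo "$label: $status\n";
}
```

Because nothing is kept server-side between calls, the same URI can be fetched again later with the same credentials and return the same representation.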
