users@jersey.java.net

Authentication + RESTful

From: Alireza Sami <sami2box_at_hotmail.com>
Date: Thu, 10 Apr 2008 15:23:57 -0400

Hi,
 
I am a new member of this group. We are trying to develop a set of RESTful services for our application.
 
In the definition of RESTful it is mentioned that RESTful is a protocol which is:
 
- Client-server
- Stateless
- Cacheable
- Layered

Please correct me if I am wrong. My understanding is that, if I create a RESTful service, it should not return different results for different users because there is nothing like a Session object in the REST world.
 
Now, if I support Authentication and/or Authorization for my service, I would have different results for different clients, which is in fact against the fundamentals of this protocol. So, the question is: how should we handle security without violating the essential rules of REST?
 
Your help is greatly appreciated.
 
Thank you,
-Sami
 