Folks;
after dealing a bit with the various considerations and concerns of
securing a REST/Jersey based infrastructure, along with securing
various other resources exposed by already existing systems, I am
tempted to deal with OAuth as it, at least looking at it from a 10,000
feet point of view, seems to be a sane solution to our problem. So, I'd
like to get a local OAuth server and a small testbed infrastructure up
and running, yet I am making my way through a bunch of documentation
and so-so blog posts on the issue. So, two general questions before I
proceed:
* Is OAuth generally a technology I would want to consider dealing
with? There seems to be a vast number of people both promoting and
bashing it, and both seem to have valid points...
* Is there a straightforward tutorial on how to quickly establish a
working local (client, server) OAuth infrastructure? From what I have
read so far, the general principles and concepts of OAuth itself _seem_
clear to me, except for the fact that in most of these papers it
seems people assume there is "some OAuth provider", which leaves out
the information I actually would like to have (how to "oauth'ify" an
existing credentials/roles/authentication infrastructure).
Thoughts, anyone?
TIA and all the best,
Kristian