Lists Home |
Date Index |
Paul Prescod wrote,
> Rich Salz wrote:
> > Suppose I need to fetch a resource such that only the endpoints can
> > now the item being retrieved and the response. I can do the
> > response easily enough, send xml-encrypted data. How do I send the
> > request in a REST fashion? I think this is beyond the scope of
> > REST, but am not sure; any thoughts? (Imagine requesting medical
> > records; because of my "only endpoints" requirement -- imposed by
> > us HIPPA regulations -- SSL will not suffice.)
> Could you describe how SSL fails to satisfy?
Perhaps the HTTPS server isn't the endpoint in the sense relevant to the
security constraint ... but it will see the cleartext URI.