Lists Home |
Date Index |
Paul Prescod wrote,
> Rich doesn't have a choice so I'm not going to criticize him for not
> using REST. I'm just pointing out that it isn't a failing of REST
> that it cannot do the exact opposite of what it was designed to do.
> It's like asking for an object modeling style that doesn't require
> you to use objects. ;)
> He can't afford to pay the price of REST and he won't get the
> benefits. A perfectly legitimate engineering choice.
I'm afraid that doesn't wash.
The law isn't arbitrarily and unreasonably frustrating the ambitions of
RESTians ... the law is mandating good security practices. If REST/HTTP
isn't up to the job, then so much the worse for REST/HTTP.
But as I said, I don't believe this is a problem with REST per se.
Rather then blaming legislators or accusing security practicioners of
advocating proprietary protocols, why not try and show how RESTful
principles can be applied end-to-end in this kind of scenario without
having to trust an intermediary HTTP server?