OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation

[ Lists Home | Date Index | Thread Index ]


On Jan 6, 2004, at 12:10 PM, Elliotte Rusty Harold wrote:

> At 12:04 PM -0500 1/6/04, Rich Salz wrote:
>
>> I read it.  It appears that good security practices conflict with 
>> REST.  It's nice to hear the RESTafarians admit it.
>
> Possibly you read a message I missed or interpreted it differently. 
> Could you please provide the URL to and quote from the specific 
> message which demonstrates that good security practices conflict with 
> REST?
>

http://groups.yahoo.com/group/rest-discuss/message/3593
Quoth Dr. Fielding, "I think it is more accurate to say that, because 
user identification must be supplied
with each request subject to authentication, that an action like LOGIN 
would only add overhead."

That's at least inconsistent with currently understood best practices, 
although of course he (and you) could be proven right in the long run.

Can anyone point to a secure, scalable, automated [i.e., can be used by 
software as a service as well as humans], and successful site that 
adheres to REST principles?  Amazon probably comes the closest, but the 
tast I tried, Amazon wouldn't do much for me without cookies enabled.  
(I tried a brief experiment disabling cookies awhile ago and was not a 
happy user of the Web As It Is).  Empirical proof that REST really 
works would create a lot more converts than evangelism of its theory.





 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS