On Mon, Feb 17, 2014 at 10:36 AM, Sachith Withana <[email protected]> wrote:

> Hi all,
>
> We are exploring the options on securing the Thrift API.
>
> Our objective is to authenticate the server and authorize the client.

What do you mean by authorizing the client?

> The options we are exploring are
>
> 1. mutual authentication using client and server certificates

This seems to be a good fit according to my understanding.

> 2. Use the server certificate to set up an SSL communication and use OAuth
> 1 or 2 for the client Authorization

I don't see a requirement for doing this. Usually we use OAuth when we need delegation. I am not clear how a delegation model fits here. Also, it makes things complicated.

Thanks
Amila

> Any suggestions on this matter are highly appreciated!
>
> --
> Thanks,
> Sachith Withana
