Hi Sachith Sorry for the long delay...
I recommend to use a string authToken or similar within each service as first parameter. This enables security at service level and is usually the thing you need from a long term perspective. On the other hand there is SSL at the transport layer. Good in combination with the service level authentication. Supported by many languages, but not yet integrated into the cross languages test suite. The other thing is SASL available on java implementation, patches might be available for other languages. All the best! -roger -----Original Message----- From: Sachith Withana [mailto:[email protected]] Sent: Samstag, 1. Februar 2014 19:55 To: [email protected] Subject: Securing public Thrift API Hi all, I'm working with Apache Airavata and we are in the process of using Apache Thrift for both internal and external uses. I'm looking into the security aspects of Thrift. Any suggestions on securing the communication? In the case of Evernote, I read that they are using a proxy as well? -- Thanks, Sachith Withana
