JC,

We do a combination of Basic Authentication and AWS Authentication (both available in Restlet). First the user logs in using Basic Authentication to retrieve tokens (identifiers) that are then used on subsequent requests. The token is used to generate a hash which is sent with every request within the Authorization header using the AWS Authentication scheme.

Basic Authentication works for us because we push all requests via HTTPS...you might need to use something else if you are not SSL-encrypted. I think the "Restful approach" will require you to send authentication credentials for every request. You can pass the digested password for each request, but the AWS Authentication scheme provides a nice layer of redirection so you are not storing the password anywhere on the client.

Hope that helps,
Mitch

> -----Original Message-----
> From: news [mailto:[EMAIL PROTECTED] On Behalf Of JC
> Sent: Tuesday, October 02, 2007 1:44 PM
> To: [email protected]
> Subject: Restful Login/Identifier
>
> I am trying to develop a Restful login system. Using a web
> service I want to identify a user based on their user name
> and password, but I am not sure the best (Restful) approach.
>
> I would like to avoid the RPC approach of calling an
> authenticate method, passing in a user name and password.
>
> The best (Restful) solution I have come up w/ so far is to
> have the URL HTTPS://www.example.com/user/{user}. The {user}
> placeholder would be the MD5 value of the concatenated string
> of user name + password.
>
> Ex.
> User name: MyName
> Password: MyPassword
> {user} = MD5(MyName+MyPassword)
>
> If the user is found return an XML representation of the user,
> if not return a
> 404 error.
>
> Thoughts, comments, suggestions?
>
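
The per-request signing described in the reply, as an added example that is not part of the original thread and is not Restlet's code: a simplified S3-style `Authorization: AWS id:signature` header built and verified with HMAC-SHA1. The token id, secret, path, canonical string layout and 15-minute skew window are assumptions made for illustration.

```python
import base64, hashlib, hmac
from datetime import timedelta
from email.utils import parsedate_to_datetime

# Constructed sample: token id -> secret issued after the Basic-auth login.
TOKENS = {"tok-1234": b"constructed-secret-value"}
MAX_SKEW = timedelta(minutes=15)  # assumed replay window

def sign(secret, method, path, date):
    # Simplified canonical string: verb, empty Content-MD5 and
    # Content-Type slots, Date header, resource path.
    to_sign = "\n".join([method, "", "", date, path])
    mac = hmac.new(secret, to_sign.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def authorization_header(token_id, secret, method, path, date):
    # Client side: only the token id and the HMAC travel, never the secret.
    return f"AWS {token_id}:{sign(secret, method, path, date)}"

def verify(header, method, path, date, now):
    """Server side: return the token id if the request is authentic, else None."""
    scheme, _, creds = header.partition(" ")
    token_id, _, signature = creds.partition(":")
    secret = TOKENS.get(token_id)
    if scheme != "AWS" or secret is None:
        return None
    try:
        sent = parsedate_to_datetime(date)
    except (TypeError, ValueError):
        return None
    # Reject undated, naive or stale requests so a captured header
    # cannot be replayed indefinitely.
    if sent.tzinfo is None or abs(now - sent) > MAX_SKEW:
        return None
    expected = sign(secret, method, path, date)
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return None
    return token_id
```

Because the method, date and path are covered by the HMAC, a header captured for one request does not validate for a different verb or resource, and it stops validating once the date falls outside the window.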

