Hi Jean-Yves, Thanks for the info. We had a plan to integrate with Acegi (now Spring Security). That could indeed be a quick way to gain support for many authentication schemes.
"Support Spring Security" http://restlet.tigris.org/issues/show_bug.cgi?id=264 I still feel that we should attempt to support OpenID more directly, but your approach might be an easier first step. "Support OpenID authentication" http://restlet.tigris.org/issues/show_bug.cgi?id=446 Best regards, Jerome > -----Message d'origine----- > De : news [mailto:[EMAIL PROTECTED] De la part de Jean-Yves Cronier > Envoyé : lundi 21 avril 2008 20:01 > À : discuss@restlet.tigris.org > Objet : Re: Restlet + OpenID > > Do you think the new "Spring Security 2.0" could be helpful ? > -> http://static.springframework.org/spring-security/site/ > > " > [...] > - OpenID integration, which is the web's emerging single sign on > standard (supported by Google, IBM, Sun, Yahoo and others) > [...] > - Comprehensive support for RESTful web request authorization, which > works well with Spring 2.5's @MVC model for building RESTful systems > [...] > " > > > > Jerome Louvel a écrit : > > Salut Jean-Yves, > > > > Thanks for the links. I've updated our RFE with them: > > http://restlet.tigris.org/issues/show_bug.cgi?id=229 > > > > Best regards, > > Jerome > > > >> -----Message d'origine----- > >> De : news [mailto:[EMAIL PROTECTED] De la part de > Jean-Yves Cronier > >> Envoyé : samedi 12 janvier 2008 01:18 > >> À : discuss@restlet.tigris.org > >> Objet : Re: Restlet + OpenID > >> > >> Some docs to begin: > >> * http://wiki.openid.net/OpenID_HTTP_Authentication > >> * http://wiki.openid.net/HTTP_Authentication > >> * http://wiki.openid.net/OpenID_Exchange_1.0 > >> > >> > >> > >> Stian Soiland a écrit : > >>> On 1/3/08, Rob Heittman <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>>> While in concept, it is neat that OpenID providers could > >> authenticate you by > >>>> certificates, biometrics, facial recognition, or smell, in > >> practice they > >>>> generally employ userid and password pairs and therefore > >> offer nothing > >>>> stopping one from mapping that to HTTP Basic on a resource > >> whose URI is > >>>> advertised. > >>> Yeah, there's also nothing stopping an OpenID provider to > be have a > >>> RESTful authentication scheme. > >>> > >>> There's also other initiatives such as OAuth used by (among other > >>> things) OpenSocial. > >>> > > >