I haven't focus on the security topics yet. But since IMOP is very similar to HTTP, I guess we can at least apply the same tricks we use in web apps to Meso programs, such as IMOP over SSL (IMOPS) and session cookies.
Having said that, I think not all applications are equally concerned about security. Public services such as maps, weather services, flight schedules... can all benefit from a cleaner way to represent their APIs where the security is a lesser concern. On Nov 21, 2011, at 3:40 PM, Ricky Clarkson wrote: > I'd be more worried about how you make sure you're not calling out to > something that will expose your private data. I'd want some form of > data tainting a la Perl that prevents AccountNumber from going over > the wire, for instance. And how do I know that the results are > correct from a call, do we need to send this over HTTPS so that we can > validate the certificate chain? The nits that need picking could make > or break this kind of approach. -- You received this message because you are subscribed to the Google Groups "The Java Posse" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
