Mike,

OAuth is different things for different people. OAuth proper (the 3-legged flow) is not suitable for JAX-RS. However, we use OAuth signing to secure all our API calls and HTTP redirects. Someone asked me about using Jersey to make the OAuth-signed calls, so we played around with Jersey. It's pretty easy to plug OAuth in. On the server side, you can get all the parameters and headers, so you should be able to use the Java library to verify the signature. On the client side, the Jersey Client Library can be extended to support the signing. This would be an interesting extension to add to the Java library.
In my opinion, you don't add much security by using OAuth on the client because there is no way to keep the secret. However, many people still do it. It may raise the hurdle for hacking a little, but not much.

To answer all your questions:

1. No, unless you know how to keep the secret or you don't care about security :( There is an Objective-C library you can use.
2. No, for the same reason. Anyone can get your secret and make calls just like your app.
3. No, but OAuth doesn't provide encryption. If you need confidentiality, you can use OAuth over SSL.
3a. See #2. It can be used to validate the user if you can get around the security issue on iPhone.
4. I have no idea.
5. See #3.
6. Function-wise, they have a tiny bit of overlap (both handle authorization) but the implementations are very different. REST Identity Services is not RESTful at all. Most Liberty/OASIS protocols use SOAP as the communication stack. REST Identity Services simply removes SOAP, but it still relies on heavy-duty protocols like SAML, XACML, etc. You use REST for simplicity, but this is not really simple. So I would rather use the full Identity Services if I go that route.

Zhihong
