Hi all,
I want to secure my restful web service, which is used internally only (i.e. no
3rd parties) and is accessed via a web tier using java, javascript, and flex.
However, I do not want to use basic authentication security, since I do want to
transfer back-and-forth the user name and password with each request.
I've looked into both OAuth and SSO as options for securing the web service,
I'm
just not sure whether either is sensible. I'd appreciate it if others could
share what approach (OAuth, SSO, or whatever else used) they took for securing
their web service and why they selected that approach.
Also, if anyone knows where to find an implementation guide for OAuth, I'd
appreciate it if you could pass along that information. Thanks.
-Dan
