On 21/04/12 02:52, Christopher Riley wrote:
If you are doing REST services, you should be using SSL/TLS over HTTP.
Transport security will encrypt anything that is on the wire and is what
REST consumers expect. WS-Security focuses on XML-Encryption and XML-DigSig
with an expectation that you are moving XML payloads.
WS-Security builds on top of XML Signature & Encryption, so CXF provides
an option for non-WS participants to exchange the data securely without
depending on HTTPS.
JSON would not be
recommended here. If you need to encrypt JSON data at rest you could look
at PGP or the like also.
Most likely we will invest some time into supporting JSON Web Tokens
Sergey
On Wed, Apr 18, 2012 at 1:30 PM, semecxf<[email protected]> wrote:
Any api for doing json encryption and decryption?
I thought JAX-RS: XML Security can do json encryption and decryption, but
it
does not appear it can.
--
View this message in context:
http://cxf.547215.n5.nabble.com/Rest-Json-Encryption-and-decryption-tp5649768p5649768.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
