Chapter 9. Web Security

This chapter focuses on some recent developments in security protocols that combine the Web's features with mature cryptographic techniques. Secure systems need more than clever cryptography at the transport layer, however, so throughout this chapter we take a systematic view of web security. We examine the following four core pillars of secure computing and show how to apply them when building distributed systems on the Web:


The ability to keep information private while in transit or in storage

The ability to prevent information from being changed undetectably

The ability to authenticate the parties involved in an interaction

The ability to authorize a party to interact with a system in a prescribed manner

The Web has evolved solutions to each of these challenges, and in this chapter, we’ll show how those techniques can be adopted for building secure computer-to-computer services.

HTTP Security Essentials

The web community has developed a number of higher-order protocols that address issues such as identity and trust. These protocols sit atop HTTP to let systems interoperate securely. We look at them shortly, but first we should understand the basics of HTTP security.

HTTP Authentication and Authorization

As we have often seen on the World Wide Web, HTTP natively supports authentication (to establish the identity of a party) and authorization (to decide what an identified party may do). When a consumer attempts to access a ...
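To make the distinction between the two mechanisms concrete, here is an added example that is not code from REST in Practice: a minimal server-side simulation of HTTP Basic authentication (RFC 7617) followed by a separate authorization decision. The realm name, the user table, the passwords and the `/orders` policy are all constructed for illustration; `handle_request` stands in for a real request handler. The point to notice is the status codes: a missing or wrong credential gets a 401 with a `WWW-Authenticate` challenge, while a correctly identified user who lacks permission gets a 403, because identity has already been established.

```python
"""Added example (not from the book): HTTP Basic authentication plus a
separate authorization check, simulated without a network socket.
All users, passwords, realm and paths are constructed for illustration."""
import base64
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

REALM = "orders"  # assumed realm name for the WWW-Authenticate challenge


def _derive(password: str, salt: bytes) -> bytes:
    """Slow password hash so the stored table never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def _make_user(password: str) -> Tuple[bytes, bytes]:
    salt = secrets.token_bytes(16)
    return salt, _derive(password, salt)


# Constructed user table: name -> (salt, derived key)
USERS: Dict[str, Tuple[bytes, bytes]] = {
    "alice": _make_user("correct horse"),
    "bob": _make_user("hunter2"),
}

# Constructed authorization policy: path prefix -> user -> permitted methods
POLICY = {"/orders": {"alice": {"GET", "POST"}, "bob": {"GET"}}}

# Dummy salt used so unknown users cost the same time as known ones
_DUMMY_SALT = secrets.token_bytes(16)


def parse_basic_credentials(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Return (user, password) from an 'Authorization: Basic <b64>' value,
    or None if the header is absent, uses another scheme, or is malformed."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
        return None
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    return user, password


def authenticate(header: Optional[str]) -> Optional[str]:
    """Return the verified user name, or None if authentication fails."""
    creds = parse_basic_credentials(header)
    if creds is None:
        return None
    user, password = creds
    salt, expected = USERS.get(user, (_DUMMY_SALT, b""))
    candidate = _derive(password, salt)
    # Constant-time comparison; unknown users still pay for the derivation
    if user in USERS and hmac.compare_digest(candidate, expected):
        return user
    return None


def is_authorized(user: str, method: str, path: str) -> bool:
    """Authorization is a separate decision made only after identity is known."""
    for prefix, rules in POLICY.items():
        if path == prefix or path.startswith(prefix + "/"):
            return method in rules.get(user, set())
    return False


def handle_request(method: str, path: str, headers: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Simulated handler returning (status, response headers)."""
    user = authenticate(headers.get("Authorization"))
    if user is None:
        # Not authenticated: challenge the client (RFC 7235, section 3.1)
        return 401, {"WWW-Authenticate": f'Basic realm="{REALM}", charset="UTF-8"'}
    if not is_authorized(user, method, path):
        # Authenticated but not permitted: 403, never another 401
        return 403, {}
    return 200, {}


def basic_auth_header(user: str, password: str) -> str:
    """Client side: build the Authorization value in response to a Basic challenge."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


if __name__ == "__main__":
    print(handle_request("GET", "/orders/1", {}))
    print(handle_request("GET", "/orders/1", {"Authorization": basic_auth_header("alice", "correct horse")}))
    print(handle_request("POST", "/orders", {"Authorization": basic_auth_header("bob", "hunter2")}))
```

Basic credentials are only base64-encoded, not encrypted, so in practice this exchange must run over TLS; the example deliberately keeps the stored table as salted PBKDF2 digests and compares them in constant time, since the authentication step is where a server-side leak or timing oracle would otherwise appear.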
