Chapter 9. Web Security
THIS CHAPTER FOCUSES ON SOME EXCITING DEVELOPMENTS in security protocols, which combine the Web’s features with mature cryptographic techniques. Yet secure systems need more than just clever cryptography at the network layer to be secure, so throughout this chapter we’ll take a systematic view of web security. We’ll investigate the following four core pillars of secure computing and show how to apply them to build distributed systems on the Web:
- Confidentiality: the ability to keep information private while in transit or in storage
- Integrity: the ability to prevent information from being changed undetectably
- Identity: the ability to authenticate the parties involved in an interaction
- Trust: authorizing a party to interact with a system in a prescribed manner
The Web has evolved solutions to each of these challenges, and in this chapter we’ll show how those techniques can be adopted for building secure computer-to-computer services.
HTTP Security Essentials
The web community has developed a number of higher-order protocols that address issues such as identity and trust. These protocols sit atop HTTP so as to allow systems to interoperate securely. We’ll look at these protocols shortly, but before we do so, we should understand the basics of HTTP security.
HTTP Authentication and Authorization
As we’ve often seen on the World Wide Web, HTTP natively supports authentication (to establish identity) and authorization (to help establish trust). When a consumer attempts ...
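As an added illustration of HTTP's native authentication (this is example code written for this edit, not code from the book), the following shows both sides of the simplest scheme, HTTP Basic (RFC 7617): the client encodes its credentials into an `Authorization` header, and the server either accepts them or answers `401` with a `WWW-Authenticate` challenge. The credential store, realm and salt are constructed for the example; note that Basic only base64-encodes the password, so it relies on TLS for the confidentiality pillar.

```python
import base64
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Constructed credential store: username -> salted SHA-256 digest (demo only;
# a production service would use a slow password hash such as argon2/bcrypt).
_SALT = b"constructed-demo-salt"
REALM = "example-api"  # assumed realm name for the challenge


def _digest(password: str) -> bytes:
    return hashlib.sha256(_SALT + password.encode("utf-8")).digest()


USERS: Dict[str, bytes] = {"alice": _digest("correct horse battery staple")}


def basic_header(user: str, password: str) -> str:
    """Client side: build an 'Authorization: Basic <base64(user:password)>' value."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic_credentials(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Server side: return (user, password) from a Basic header, or None if malformed."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # bad base64 or non-UTF-8 bytes
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def authenticate(header: Optional[str]) -> Tuple[int, Dict[str, str]]:
    """Return (status, response headers): 200 on success, 401 plus challenge otherwise."""
    creds = parse_basic_credentials(header)
    if creds is not None:
        user, password = creds
        expected = USERS.get(user)
        # Constant-time compare; unknown users are compared against a dummy digest
        # so response timing does not reveal which usernames exist.
        ok = hmac.compare_digest(_digest(password), expected or _digest(""))
        if ok and expected is not None:
            return 200, {}
    # RFC 7235: a 401 response must carry a WWW-Authenticate challenge.
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}", charset="UTF-8"'}
```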