Security means different things at different layers and in different parts of a system. For instance, take a web-based application that involves users accessing resources. Securing such a system may require the following:
Ensure that only authenticated users access resources.
Ensure the confidentiality and integrity of information right from the moment it is collected until the time it is stored and later presented to authorized entities or users.
Prevent unauthorized or malicious clients from abusing resources and data.
Maintain privacy, and follow the laws of the land that govern various security aspects.
There is no one-size-fits-all solution to address all these needs. Each application requires a careful analysis as part of the architecture and design exercise to cover all these aspects of security.
This chapter covers a subset of security-related topics for RESTful web services. It maps common problems such as authentication, authorization, confidentiality, and integrity to established HTTP-based standards and practices.
Use this recipe to learn how to use HTTP basic authentication.
Use this recipe to learn how to use HTTP digest authentication.
Use this recipe to learn how to use the three-legged OAuth protocol to let users authorize clients to access their resources.
Use this recipe to learn how to use the two-legged OAuth protocol to authenticate clients.
Use this recipe to learn how to prevent the ...
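The Basic and Digest recipes listed above both hinge on how a server validates the Authorization header it receives. The following added example (not code from the book) shows a minimal server-side verifier for both schemes and a client-side builder for a Digest header, so the exchange can be exercised end to end. The realm, the credential store, and the issued-nonce set are constructed for the example; a real service would keep salted password hashes (or, for Digest, the stored HA1 value) and would expire nonces.

```python
import base64
import hashlib
import hmac
import re
from typing import Optional

# Constructed credential store for this example only. A real service stores
# salted password hashes; for Digest it can store HA1 = MD5(user:realm:password)
# instead of the clear-text password.
REALM = "example-api"
USERS = {"alice": "s3cret"}


def check_basic(header: str) -> Optional[str]:
    """Verify an 'Authorization: Basic <base64(user:password)>' header (RFC 7617).

    Returns the user name on success, None on any failure.
    """
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    # Compare against a dummy value for unknown users so the timing of the
    # check does not reveal which user names exist; compare_digest is constant-time.
    expected = USERS.get(user, "")
    ok = hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))
    return user if ok and user in USERS else None


def _md5(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def _parse_digest_params(token: str) -> dict:
    """Parse the comma-separated key=value (or key="value") pairs of a Digest header."""
    params = {}
    for m in re.finditer(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', token):
        params[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return params


def build_digest_header(user: str, password: str, method: str, uri: str,
                        nonce: str, cnonce: str, nc: str = "00000001") -> str:
    """Client side: compute the qop=auth response of RFC 7616 and format the header."""
    ha1 = _md5(f"{user}:{REALM}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    response = _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
    return (f'Digest username="{user}", realm="{REALM}", nonce="{nonce}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", response="{response}"')


def check_digest(header: str, method: str, issued_nonces: set) -> Optional[str]:
    """Server side: verify an 'Authorization: Digest ...' header for the given method.

    issued_nonces holds the nonces this server handed out in WWW-Authenticate
    challenges; anything else is rejected, which is the replay protection Digest
    relies on. Returns the user name on success, None on any failure.
    """
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "digest":
        return None
    p = _parse_digest_params(token)
    if not {"username", "realm", "nonce", "uri", "response"}.issubset(p):
        return None
    if p["realm"] != REALM or p["nonce"] not in issued_nonces:
        return None
    user = p["username"]
    if user not in USERS:
        return None
    ha1 = _md5(f"{user}:{REALM}:{USERS[user]}")
    ha2 = _md5(f"{method}:{p['uri']}")  # binds the proof to method and URI
    if p.get("qop") == "auth":
        if "nc" not in p or "cnonce" not in p:
            return None
        expected = _md5(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:auth:{ha2}")
    elif "qop" not in p:
        expected = _md5(f"{ha1}:{p['nonce']}:{ha2}")  # legacy RFC 2069 form
    else:
        return None  # qop=auth-int or unknown values are not handled here
    return user if hmac.compare_digest(expected, p["response"]) else None


if __name__ == "__main__":
    nonces = {"n0nce-1"}  # constructed nonce the server "issued" earlier
    print(check_basic("Basic YWxpY2U6czNjcmV0"))  # alice
    h = build_digest_header("alice", "s3cret", "GET", "/orders/1", "n0nce-1", "c123")
    print(check_digest(h, "GET", nonces))  # alice
    print(check_digest(h, "DELETE", nonces))  # None: proof is bound to the method
```

Two points the code makes that the header formats alone do not: Basic transmits the password itself, so the only thing the server can do is compare it (in constant time) and insist on TLS; Digest binds the proof to the method, URI and a server-issued nonce, so a captured header cannot be reused for a different request or after the nonce is retired.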