Chapter 10. Security

There are three main areas of focus when securing services: authentication, authorization, and encryption. Authentication refers to verifying that the user is who she says she is and that no one has tampered with her message. Authorization refers to determining what a given user is allowed to do on the system. Encryption is a technique to keep people in the middle from being able to know what data is being sent back and forth. All three are important to properly securing a system, but each is approached in a different way. This chapter covers how to approach each of these facets of security to ensure that your services are not compromised.


There are two main components to authentication. The first is validating ...

Get Service-Oriented Design with Ruby and Rails now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.