[jbossws-issues] [JBoss JIRA] Updated: (JBWS-1548) REST support

Thomas Diesler (JIRA) jira-events at lists.jboss.org
Wed Jan 16 13:04:22 EST 2008 

     [ http://jira.jboss.com/jira/browse/JBWS-1548?page=all ]

Thomas Diesler updated JBWS-1548:
---------------------------------

    Fix Version/s: jbossws-3.x
                       (was: jbossws-3.0.1)

> REST support
> ------------
>
>                 Key: JBWS-1548
>                 URL: http://jira.jboss.com/jira/browse/JBWS-1548
>             Project: JBoss Web Services
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: jbossws-native
>            Reporter: William DeCoste
>             Fix For: jbossws-3.x
>
>
> Intuit request. Notes:
> Third party presents user credentials via Web service to the server to assure confidentiality.  
> Third party can be a remote trusted host (e.g. third party application), hosted application (e.g. in remote data center) or a trusted service provider that interact with Intuit Web services.
> The Web service can be SOAP or REST Web service.  The Server is a business service running Java Web services using a Java EE Web / application server.
> The user credentials can be username tokens (e.g. user id and password), digital certificates tokens (e.g. X.509v3 certificates), binary tokens (e.g. biometrics, fingerprint) or a mixture of these tokens (as in multi-factor authentication).
> ---------------------------------------------------------------------------------------------------------------------------
> System consumes a public REST Web service.
> System uses a security token to assure confidentiality when invoking a REST Web service, if sensitive data is carried, or if service provider requires a security token for authentication.
> System optionally encrypts or decrypts the sensitive business data when interacting with a REST Web service.
> Intuit currently implement REST based Web services through a custom Servlet. Authentication can be achieved by using http based authentication. Support for other security features, would currently need to be implemented by Intuit; maybe using Servlet filters. There are no standards for REST Web services, or for defining value add services such as security. However, according to the Merlin group, Microsoft and IBM have a common way of using REST Web services. Also, Google and Amazon offer REST based Web services too. Therefore, with the absence of any standards, the only real option for JBoss to support REST would be to work with what other vendors are currently doing. However, the REST area is currently in flux, so any implementation would be risky due to the high possibility of change.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jbossws-issues mailing list