Just trying to clarify a couple of the requirements for securing the
management APIs to AS7.
For both the HTTP and the Remoting APIs would the connections from the
clients be maintained or a new connection established for each operation?
I am trying to establish here if we are going to need our own
authentication cache - if the connections are kept alive then any
established identity can be held with the connection for future
invocations but if we are regularly establishing new connections we are
going to need an alternative caching mechanism to prevent repeatedly
calling out to the back end repository of users.
Regards,
Darran Lofthouse.