[oslc-core] Authentication details in service documents
Arthur Ryman
ryman at ca.ibm.com
Tue Aug 31 16:49:21 EDT 2010
Jim,
I don't think it follows that Service documents need to be unsecured. They
could be secured with the usual Web authentication mechanisms, e.g.
HTTPS+BASIC, or Digest. OAuth is really for the more complicated case of
an application acting on behalf of a user.
Regards,
___________________________________________________________________________
Arthur Ryman, PhD, DE
Chief Architect, Project and Portfolio Management
IBM Software, Rational
Markham, ON, Canada | Office: 905-413-3077, Cell: 416-939-5063
Twitter | Facebook | YouTube
From:
James Conallen <jconallen at us.ibm.com>
To:
oslc-core at open-services.net
Date:
08/26/2010 09:48 AM
Subject:
[oslc-core] Authentication details in service documents
Sent by:
oslc-core-bounces at open-services.net
As I look at the service documents there are properties for establishing
OAuth in the same document that lists contexts (service providers). I am
assuming that documents possessing authentication establishment
information are expected to be available without authentication. This
means that context information will be available without authentication,
which I don't think is right.
What is everyone else's understanding?
<jim/>
jim conallen
jconallen at us.ibm.com
Rational Software, IBM Software Group
_______________________________________________
Oslc-Core mailing list
Oslc-Core at open-services.net
http://open-services.net/mailman/listinfo/oslc-core_open-services.net
More information about the Oslc-Core
mailing list