Abstract:
The learning curve for security is severe and unforgiving. Specifications promise infinite flexibility, habitually give old concepts new names, offer endless extensions, and almost seem designed to deliberately confuse. With an eye on architectural impact, actual HTTP messages, and aggressive distaste for fancy terminology, this session delves into OAuth 2.0 as it pertains to REST and shows how it falls into two camps: stateful and stateless. It then explores a competing Amazon-style approach called HTTP Signatures, ideal for B2B APIs. Finally, it discusses a new internet draft launched this year that combines them both into the perfect two-factor system that could provide a one-stop shop for business as well as mobile REST scenarios.
Speaker: Roberto Cortez
Senior Software Engineer at Tomitribe, Speaker, Java Champion, JavaOne Rockstar, JNation Conference Founder & Organizer, JUG Leader
LinkedIn: [ Link ]
Blog: [ Link ]
Host:
Bazlur Rahman
JUG Leader, JUGBD