Comments on: Notes from the March, 2007 East Bay Ruby Meetup http://zach.copley.name/blog/2007/03/23/notes-from-the-march-2007-east-bay-ruby-meetup/ Wed, 30 Jun 2010 01:51:17 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Sam http://zach.copley.name/blog/2007/03/23/notes-from-the-march-2007-east-bay-ruby-meetup/comment-page-1/#comment-19 Sam Sun, 25 Mar 2007 04:18:47 +0000 http://zach.copley.name/blog/2007/03/23/notes-from-the-march-2007-east-bay-ruby-meetup/#comment-19 Well HTTP auth does have some shortcomings, mostly due to browser support and legacy whatnot. But you could always use SSL if you don't trust HTTP auth. You're right about HTTP sessions (or really cookies.) This is what the REST architecture really doesn't do. And it doesn't do it by design. I enjoyed this analysis on why a purported REST application isn't really REST, maybe it will clear some of the issues up: http://www.xml.com/pub/a/2005/01/05/restful.html Also there is the REST wiki: http://rest.blueoxen.net/ Well HTTP auth does have some shortcomings, mostly due to browser support and legacy whatnot. But you could always use SSL if you don’t trust HTTP auth.

You’re right about HTTP sessions (or really cookies.) This is what the REST architecture really doesn’t do. And it doesn’t do it by design.

I enjoyed this analysis on why a purported REST application isn’t really REST, maybe it will clear some of the issues up:

http://www.xml.com/pub/a/2005/01/05/restful.html

Also there is the REST wiki:

http://rest.blueoxen.net/

]]> By: zcopley http://zach.copley.name/blog/2007/03/23/notes-from-the-march-2007-east-bay-ruby-meetup/comment-page-1/#comment-18 zcopley Sat, 24 Mar 2007 07:52:43 +0000 http://zach.copley.name/blog/2007/03/23/notes-from-the-march-2007-east-bay-ruby-meetup/#comment-18 Well, I guess what I meant was "authenticated sessions" Sessions are what's stateful, right? Also, the implementations of HTTP authentication I've seen haven't really seemed that great or secure. Or maybe you can school me here. I see your point about scalability Well, I guess what I meant was “authenticated sessions” Sessions are what’s stateful, right? Also, the implementations of HTTP authentication I’ve seen haven’t really seemed that great or secure.

Or maybe you can school me here.

I see your point about scalability

]]> By: Sam http://zach.copley.name/blog/2007/03/23/notes-from-the-march-2007-east-bay-ruby-meetup/comment-page-1/#comment-17 Sam Sat, 24 Mar 2007 07:29:06 +0000 http://zach.copley.name/blog/2007/03/23/notes-from-the-march-2007-east-bay-ruby-meetup/#comment-17 Lies! User Auth is built into HTTP. So if it is done via proper HTTP authentication there is no problem in using authentication in REST. What REST does not handle is opaque cookies. The reason being is that they defeat proxying/load balancing strategies that help an application be easily scalable. Lies!

User Auth is built into HTTP. So if it is done via proper HTTP authentication there is no problem in using authentication in REST.

What REST does not handle is opaque cookies. The reason being is that they defeat proxying/load balancing strategies that help an application be easily scalable.

]]>