[OGSA-BES-WG] A RESTFul HTTP mapping of the BES WSDL
Donal K. Fellows
donal.k.fellows at manchester.ac.uk
Tue Sep 30 10:42:07 CDT 2008
Christopher Smith wrote:
> Could you not employ X.509 client/server authentication at the TLS layer? I
> believe you can access the certificate information when processing the HTTP
> operations.
>
> Just wondering....
That sounds like an entirely practical way of doing it to me, especially
as there is rather a lot of in-service experience out there with
handling authentication and authorization for access to HTTP operations.
There might be a few tricky bits of course (notably how to handle
telling the client how to authenticate to the server, though in the
fallback case of username/password all that stuff exists already) but it
still seems quite possible.
I like the idea that the interfaces we define are fundamentally
independent of how they are interacted with. That has the architectural
equivalent of Good Code Smell. :-)
Donal.
More information about the ogsa-bes-wg
mailing list