[Ssc-dev] Authentication, Authorization and Architecture
Nathan of Guardian
nathan at guardianproject.info
Wed Mar 6 20:05:18 EST 2013
On 03/07/2013 04:53 AM, Bryan Nunez wrote:
> I'm not sure if there are existing libraries, but if we are looking for an
> advanced math/cs person I can ask the people at the AAAS volunteer
> scientists program, who've offered to help in the past.

Does an "advanced math/cs person" really understand anything about securing
RESTful Web APIs?

Seems like we are opening the door up to a whole bunch of theory and not
much actual practice. I agree with Hans that securing web APIs is pretty
much a known affair, at least to the level we should be concerned about
right now.

As an example, why don't we just clone what AWS offers? Or even Google
themselves (OAuth etc)?

I am happy to be proven wrong and shown I am not thinking *big* enough,
but I also want to make sure we apply our advanced thinking and R&D into
the right places, and re-inventing web security seems like it is outside of
our wheelhouse.

+n