[Ssc-dev] Authentication, Authorization and Architecture
Lee Azzarello
lee at rockingtiger.com
Wed Mar 6 20:21:49 EST 2013
That should have read "nor the requirements". On mobile, sorry.
-l
On Wed, Mar 6, 2013 at 8:21 PM, Lee Azzarello <lee at rockingtiger.com> wrote:
> Nathan,
>
>
> Can you describe the level of detail for authorization of roles from
> client to server? I don't think I understand the scope of this project
> not the requirements to ensure a chain of custody in a court of law.
>
>
> Regards,
>
> Lee
>
> On Wed, Mar 6, 2013 at 8:05 PM, Nathan of Guardian
> <nathan at guardianproject.info> wrote:
>> On 03/07/2013 04:53 AM, Bryan Nunez wrote:
>>> I'm not sure if there are existing libraries, but if we are looking for an
>>> advanced math/cs person I can ask the people at the AAAS volunteer
>>> scientists program, who've offered to help in the past.
>>
>> Does an "advanced math/cs person" really understand anything about securing
>> RESTful Web APIs?
>>
>> Seems like we are opening the door up to a whole bunch of theory and not
>> much actual practice. I agree with Hans that securing web APIs is pretty
>> much a known affair, at least to the level we should be concerned about
>> right now.
>>
>> As an example, why don't we just clone what AWS offers? Or even Google
>> themselves (OAuth etc)?
>>
>> I am happy to be proven wrong and shown I am not thinking *big* enough,
>> but I also want to make sure we apply our advanced thinking and r&d into
>> the right places, and re-inventing web security seems like it is outside of
>> our wheelhouse.
>>
>> +n
>>