I would like to put a web service, at the moment in a intranet of my company, on internet, to make partners able to access information provided by the web service. At the moment, web service is in a SOA, and I decided to move everything to RESTful web service, so in a web oriented architecture. I'm considering some security aspects I should take into account to do this operation.
I don't know which solution can be more useful in my case. I've alr开发者_如何学编程eady looked for HMAC, OAuth information, but I would like to know if is possibile to use OAuth, without introducing a third part.
For example, a partner want to sign in the web site, and then continue the navigation, is 2-legged OAuth useful for my needs? Are there other useful security solution to do this operation?
Really Thanks.
Yes, OAuth supports a "2-legged" case; just omit the oauth_token parameter, and then use either HMAC-SHA1 (shared secret) or RSA-SHA1 (public key) as desired. It's worth noting that the signatures do not cover everything an API client might send; it doesn't cover the body of PUT requests or the body of POST requests that aren't form submissions.
You may want to investigate simply using HTTPS + Basic Auth, as this lets you leverage lots of off-the-shelf software (Apache or equivalent) without having to introduce signing libraries into your client and server.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论