One of my favorite pieces of music: Tony Banks' keyboard playing in Apocalype in 9/8 from Genesis' Supper's Ready
1
deleted ~200,000 spam comments from blogs of ex-innoQ employees; wondering why Google hasn't kicked us out of their index yet :-|
@Carnage4Life tempted to offer you webspace on our servers just to be able to reliably read your frigging blog ;-)
RT @assaf HMAC implementation e.g. for webhooks http://auth-hmac.rubyforge.org/
@jcgregorio OK, sold on HMAC - seems ideal for many cases. No standard HTTP header definition in sight?
@justinsheehy Makes sense – so the security level of HMAC usage as in PostCommitWebHooks is in between Basic's and Digest's.
@jcgregorio points to HMAC as used in http://code.google.com/p/support/wiki/PostCommitWebHooks - wondering about advantages over HTTPdigest?
@atmanes I consider WS-S Username/Token profile roughly equivalent to HTTP Basic and Digest Auth. Am I missing something?
@dluebke I don't know of an existing proposal to integrate RESTful HTTP w/ SAML. And not sure I would want to :)
@poutsma Thanks; subsumed x.509 under SSL. My only excuse: Twitter 140 char limit
Working on chapter on REST security. basic, digest, ssl, xml enc/dsig, atom, jclark's work, openid, oauth, googleauth. What am I missing?