REST and authorisation/access control

Okay, so I'm migrating my system over to being more RESTful and quite
enjoying the process. The obvious thing that happens is you start
thinking about how easy it is for everything to start using the rails
rest interfaces for getting and manipulating data.

But what happens when I want to control who can call an update or
delete? In rails I'd have a before_filter to check authorisation, but
what happens with some other application trying to consume my service
that hasn't necessarily logged in to the web page?

How could I replicate the login process in something outside of rails
to make the most of the REST services I'm creating?

Thanks,

Glenn

Glenn,

> Okay, so I'm migrating my system over to being more RESTful

[snip]

> But what happens when I want to control who can call an update or
> delete? In rails I'd have a before_filter to check authorisation, but
> what happens with some other application trying to consume my service
> that hasn't necessarily logged in to the web page?
>
> How could I replicate the login process in something outside of rails
> to make the most of the REST services I'm creating?

You could use an HTTP Authentication scheme (Basic or Digest), such as the one provided by the restful_authentication plugin[1] for both HTML and XML requests. I am assuming your services use XML to talk to each other...

[1] http://www.agilewebdevelopment.com/plugins/restful_authentication

-christos
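
The HTTP Basic approach suggested above, as an added example that is not part of the original thread and is not the restful_authentication plugin's code: a framework-independent check of the kind a before_filter would run, plus the header a non-browser client sends. The account names, secrets, roles, realm and helper names are all constructed for illustration; Basic credentials are only base64-encoded, so this assumes the service is reached over TLS.

```ruby
require 'digest'

# Constructed sample accounts (assumption): one API client may only read,
# the other may also update and delete. Real systems store password hashes.
USERS = {
  'reporting-app' => { secret: 'constructed-secret-1', role: :reader },
  'admin-app'     => { secret: 'constructed-secret-2', role: :editor }
}.freeze

WRITE_METHODS = %w[POST PUT DELETE].freeze

# Compare fixed-length digests so timing does not depend on where strings differ.
def secure_compare(a, b)
  da = Digest::SHA256.digest(a)
  db = Digest::SHA256.digest(b)
  da.bytes.zip(db.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Parse "Authorization: Basic <base64(user:password)>"; nil if malformed.
def parse_basic(header)
  scheme, encoded = header.to_s.split(' ', 2)
  return nil unless scheme&.casecmp?('Basic') && encoded
  user, pass = encoded.unpack1('m0').split(':', 2) # m0 = strict base64
  pass ? [user, pass] : nil
rescue ArgumentError # raised by strict base64 decoding on bad input
  nil
end

# Returns [status, headers]: 401 = who are you?, 403 = known but not allowed.
def authorize(method, auth_header)
  user, pass = parse_basic(auth_header)
  account = USERS[user]
  # Always run the comparison, even for unknown users.
  ok = secure_compare(pass.to_s, account ? account[:secret] : '') && !account.nil?
  return [401, { 'WWW-Authenticate' => 'Basic realm="API"' }] unless ok
  return [403, {}] if WRITE_METHODS.include?(method) && account[:role] != :editor
  [200, {}]
end

# What a consuming application outside Rails puts on each request.
def basic_header(user, pass)
  'Basic ' + ["#{user}:#{pass}"].pack('m0')
end
```

The 401 response carries the `WWW-Authenticate` challenge so any HTTP client knows to retry with credentials, while 403 tells an authenticated client that the update or delete is not permitted for its account.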

Christos,

Thanks for that, I'll look into it.

Glenn