REST and authorisation/access control

Okay, so I'm migrating my system over to being more RESTful and quite enjoying the process. The obvious thing that happens is you start thinking about how easy it is for everything to start using the Rails REST interfaces for getting and manipulating data.

But what happens when I want to control who can call an update or delete? In Rails I'd have a before_filter to check authorisation, but what happens with some other application trying to consume my service that hasn't necessarily logged in to the web page?

How could I replicate the login process in something outside of rails to make the most of the REST services I'm creating?

Thanks,

Glenn

Glenn,

> Okay, so I'm migrating my system over to being more RESTful

[snip]

> But what happens when I want to control who can call an update or delete? In Rails I'd have a before_filter to check authorisation, but what happens with some other application trying to consume my service that hasn't necessarily logged in to the web page?
>
> How could I replicate the login process in something outside of Rails to make the most of the REST services I'm creating?

You could use an HTTP Authentication scheme (Basic or Digest), such as the one provided by the restful_authentication plugin[1] for both HTML and XML requests. I am assuming your services use XML to talk to each other...

[1] http://www.agilewebdevelopment.com/plugins/restful_authentication

-christos
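
A per-request HTTP Basic check for a non-browser client, as an added example that is not part of the original thread and not the restful_authentication plugin's code: plain Ruby over a Rack-style env hash, with the user name, password and function names made up for illustration. Basic credentials are only base64-encoded, so it assumes the service is reached over TLS.

```ruby
require "digest"

# Constructed sample store (assumption): API user => SHA-256 of its password.
# A real service would keep a slow password hash such as bcrypt instead.
API_USERS = { "reporting-app" => Digest::SHA256.hexdigest("s3cret-example") }.freeze
PROTECTED_METHODS = %w[POST PUT PATCH DELETE].freeze

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Parse "Basic <base64(user:password)>"; nil when absent or malformed.
def basic_credentials(header)
  scheme, token = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && token
  # unpack1("m0") is a strict base64 decode and raises on invalid input.
  user, password = token.strip.unpack1("m0").split(":", 2)
  password ? [user, password] : nil
rescue ArgumentError
  nil
end

def authenticated_user(env)
  user, password = basic_credentials(env["HTTP_AUTHORIZATION"])
  return nil unless user
  # Hash and compare even for unknown users, so both paths do the same work.
  expected = API_USERS.fetch(user, Digest::SHA256.hexdigest(""))
  matches = secure_equal?(Digest::SHA256.hexdigest(password), expected)
  matches && API_USERS.key?(user) ? user : nil
end

# Plays the role of the before_filter: reads stay open, writes need credentials.
def handle_request(env)
  if PROTECTED_METHODS.include?(env["REQUEST_METHOD"]) && authenticated_user(env).nil?
    return [401, { "WWW-Authenticate" => 'Basic realm="API"' }, ["Access denied\n"]]
  end
  [200, { "Content-Type" => "application/xml" }, ["<ok/>"]]
end

# What the consuming application sends on every request (no login page, no session).
def client_header(user, password)
  "Basic " + ["#{user}:#{password}"].pack("m0")
end
```
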

Christos,

Thanks for that, I'll look into it.

Glenn