StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHypermedia (ReST) SOA: Good design for consistent service-level authentication?
primarykey
Id
7355748
data
AcceptedAnswerId
0
AnswerCount
1
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2011-09-08T23:43:20.060
FavoriteCount
0
LastActivityDate
2011-09-08T23:57:12.127
LastEditDate
2011-09-08T23:49:18.263
LastEditorUserId
934807
OwnerUserId
934807
ParentId
0
PostTypeId
1
Score
2
ViewCount
363
LastEditorDisplayName
text
Body
I'm currently developing an SOA solution, where each service in the architecture is a secure, authenticating hypermedia resource (as in really hypermedia, not RPC with pretty URLs). Customer-facing, company-internal and customer-built applications will be built on top of this architecture (nothing unusual here). I cannot assume that there exists a common authentication pattern between applications because requirements for user identification and credential management can differ significantly. It follows that services in the architecture must employ a separate authentication scheme. Ideally this would be completely consistent between services (for example HMAC), to allow as much client/server module re-use as possible. My question to you is this: is there a common pattern for providing consistent authentication and credential management across decoupled services? If so, what is it? I came up with a few ideas, but input from more experienced engineers would be appreciated: 1) Each service exposes a discrete but mechanically identical authentication interface, and is responsible for its own credential management. 2) As 1) but with shared credential management. A discrete authentication interface is still exposed for each service in the architecture, as in 1), but the underlying data medium is shared. 3) There is a single shared authentication service, which is responsible for authentication and credential management for itself and all other services. I find idea 2) to be the most appealing, but it needs some refinement. Unless I am totally on the wrong track here. Please criticise/suggest as much as you see fit. Bearing in mind of course that this is about design and not implementation; I'm not interested in framework/middleware/protocol XYZ at this point. Apologies for the prose, and thanks for reading.
Tags
<authentication><rest><soa><separation-of-concerns><hypermedia>
Title
Hypermedia (ReST) SOA: Good design for consistent service-level authentication?
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USNiall Cairns
UserOwnerUserId
1. USNiall Cairns
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POHypermedia (ReST) SOA: Good design for consistent service-level authentication?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POHypermedia (ReST) SOA: Good design for consistent service-level authentication?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.