• Post Reply Bookmark Topic Watch Topic
  • New Topic

If Yahoo e.t.c uses REST how can it be said that REST is not good as SOAP for security.

 
Satyaprakash Joshii
Ranch Hand
Posts: 205
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I read everywhere that SOA is better choice for web service if better security is required BUT...Yahoo e t c uses Rest Ful web services...?....If Yahoo e t c uses REST..then how can it be said that REST WS is not good for security purpose....
 
Hendry Betts
Greenhorn
Posts: 1
Chrome Eclipse IDE Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think that argument exists because there is NO WAY in REST to systematically apply common message level security measures like message encryption, non-repudiation measures like there are for SOAP based web services. Yes, you can "roll your own" -- that is write custom implementations that will encrypt the message and even provide payload information that may substitute or act as the non-repudiation measures. But, as far as I know (and I COULD BE WRONG), REST does not have those methods systematically available.
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If Yahoo e t c uses REST..then how can it be said that REST WS is not good for security purpose....


Exactly what kind of security problems do you think Yahoo has anyway?

Look at Yahoo's documentation - you see any high value transactions going on there? Any important user authentication needs?

As I recall, Yahoo originally played with a SOAP interface but dropped it as way too complex.

Bill
 
Satyaprakash Joshii
Ranch Hand
Posts: 205
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I agree that SOAP is a better choice if security concerns are of supreme importance, simply due to the existence of WS-Security. If security is of higher concern than, say, ease of development and use, then message-level security is bound to be more important than transport-level security (which is what REST offers out of the box).
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!