ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Expose REST Service using HTTPInputNode with PasswordDigest

Post new topic  Reply to topic
 Expose REST Service using HTTPInputNode with PasswordDigest « View previous topic :: View next topic » 
Author Message
magvlvri
PostPosted: Wed Aug 19, 2015 6:34 pm    Post subject: Expose REST Service using HTTPInputNode with PasswordDigest Reply with quote

Apprentice

Joined: 07 Nov 2014
Posts: 26
As the topic suggests, i am trying to check if it is possible to expose a REST service on IIB using HTTPInput Node, that too involving password digest, out of the box.

PolicySets, PolicySetBindings dont apply to REST as far as i know. Am i doomed to write code to check password digest validity that comes in with a request?

For REST services security, we are evaluating alternative options to oauth2.0, SAML model to reduce the complexity for applications that are going to connect to IIB.

Does SSL/TLS along with password digest(not involving 401, but using client provided nonce) represent a decent security model for REST services that are exposed using IIB?
Back to top
View user's profile Send private message
Vitor
PostPosted: Thu Aug 20, 2015 4:38 am    Post subject: Re: Expose REST Service using HTTPInputNode with PasswordDig Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
magvlvri wrote:
PolicySets, PolicySetBindings dont apply to REST as far as i know. Am i doomed to write code to check password digest validity that comes in with a request?


Not entirely doomed - the nice people at IBM did think people would want to use security on other things than SOAP. See here and here.

magvlvri wrote:
Does SSL/TLS along with password digest(not involving 401, but using client provided nonce) represent a decent security model for REST services that are exposed using IIB?


Depends entirely on what you're doing with the service. What are you doing with the service?
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Expose REST Service using HTTPInputNode with PasswordDigest
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.