Wednesday, March 19, 2008


I request everyone let WS-* be WS- DEATH * and we will just leave it that way. REST is a change that we were looking for so long to make a decent working SOA. Lets not try to make REST as part of WS-* so that we can easily convince our organization to use REST for their services.



Rob said...

Hear hear! There's no need for the additional overhead incurred with other methods (I'm looking at you, SOAP). Simple is good.

Anonymous said...

True. But can we please get an industry accepted de facto technique for securing REST based services?

It seems that most REST services either rely on the non-RESTful cookie/session based approach with a login URL to establish the session, or they implement a custom technique using the Authorization header.

The Authorization header is clearly the right approach, but we need a de facto standard technique for using it. Something along the lines of Amazon's S3 approach would probably be ideal.