REST in Practice by Savas Parastatidis, Jim Webber, Ian Robinson

Chapter 9. Web Security

This chapter focuses on some exciting developments in security protocols, which combine the Web’s features with mature cryptographic techniques. Yet secure systems need more than just clever cryptography at the network layer, so throughout this chapter we’ll take a systematic view of web security. We’ll investigate the following four core pillars of secure computing and show how to apply them to build distributed systems on the Web:

Confidentiality

The ability to keep information private while in transit or in storage

Integrity

The ability to prevent information from being changed undetectably

Identity

The ability to authenticate parties involved in an interaction

Trust

Authorizing a party to interact with a system in a prescribed manner

The Web has evolved solutions to each of these challenges, and in this chapter, we’ll show how those techniques can be adopted for building secure computer-to-computer services.

HTTP Security Essentials

The web community has developed a number of higher-order protocols that address issues such as identity and trust. These protocols sit atop HTTP so as to allow systems to interoperate securely. We’ll look at these protocols shortly, but before we do so, we should understand the basics of HTTP security.

HTTP Authentication and Authorization

As we’ve often seen on the World Wide Web, HTTP natively supports authentication (to establish identity) and authorization (to help establish trust). When a consumer attempts to access a ...
