Adams Bros Blog

7Feb/101

JAX-RS and RESTful Security

Author: Trenton

The value of HTTP as the driving force behind SOA cannot be emphasized enough.  In terms of the usefulness of SOA, I think that RESTful SOA is a no-brainer, has some great uses, and I've always been confused about why people adopted SOAP nothingness, or, should I say, SOAP wrappers that achieve nothing.  RESTfulness at its most basic level, with no required integrated security, is great for

  1. public information
  2. lookups of information that should be readily available to many systems but does not contain users' private information (unless a proper authentication/authorization model is in place), etc.
  3. systems not requiring proper/secure authentication and authorization

From a private personal data and security perspective (not that I'm an expert on security, by any means), the RESTful approach to SOA really doesn't define much in the way of security.  After all, an authentication method is not adequate security unless it is directly or indirectly tied to the front-end user's credentials and also propagates those credentials to the back-end REST service, with stateful authentication.  A client certificate, for example, is great for stopping sniffers on the wire, but not attackers who have compromised a client web server system: the certificate authenticates the server, not the user, so a compromised server keeps full access to every user's data the service will hand it.
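To make that point concrete, here is an added example, not code from the original post, of the pattern the paragraph argues for: the front-end web server forwards the logged-in user's own credential to the back-end REST service on every request, and a JAX-RS filter on the back end authenticates that credential instead of trusting the caller's TLS client certificate alone.  It uses the JAX-RS 2.0 filter API (`ContainerRequestFilter`), which postdates the post; the `USERS` map, the `alice`/`s3cret` credential, the `/account` resource and the `fetchBalance` helper are all constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Base64;
import java.util.Map;
import javax.annotation.Priority;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Priorities;
import javax.ws.rs.Produces;
import javax.ws.rs.client.Client;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

public class EndUserAuthExample {

    // Constructed credential store for this example only (assumption, not a real
    // directory). A real service would check its own user store or validate a
    // signed token issued on the user's behalf.
    private static final Map<String, String> USERS = Map.of("alice", "s3cret");

    /** Back end: authenticate the forwarded end-user credential on every request. */
    @Provider
    @Priority(Priorities.AUTHENTICATION)
    public static class EndUserAuthFilter implements ContainerRequestFilter {
        @Override
        public void filter(ContainerRequestContext ctx) {
            String header = ctx.getHeaderString(HttpHeaders.AUTHORIZATION);
            if (header == null || !header.startsWith("Basic ")) {
                // No end-user credential: a valid TLS client certificate from the
                // calling web server is not enough on its own.
                reject(ctx);
                return;
            }
            String decoded;
            try {
                decoded = new String(Base64.getDecoder().decode(header.substring("Basic ".length())),
                                     StandardCharsets.UTF_8);
            } catch (IllegalArgumentException badBase64) {
                reject(ctx);
                return;
            }
            int colon = decoded.indexOf(':');
            if (colon < 0) { reject(ctx); return; }
            String user = decoded.substring(0, colon);
            byte[] given = decoded.substring(colon + 1).getBytes(StandardCharsets.UTF_8);
            String expected = USERS.get(user);
            // MessageDigest.isEqual does not stop at the first mismatching byte, so the
            // position of a wrong character is not leaked through timing.
            if (expected == null
                    || !MessageDigest.isEqual(given, expected.getBytes(StandardCharsets.UTF_8))) {
                reject(ctx);
                return;
            }
            SecurityContext original = ctx.getSecurityContext();
            // From here on the request runs as the end user, so resources can authorize
            // per user instead of per calling server.
            ctx.setSecurityContext(new SecurityContext() {
                @Override public Principal getUserPrincipal() { return () -> user; }
                @Override public boolean isUserInRole(String role) { return "user".equals(role); }
                @Override public boolean isSecure() { return original != null && original.isSecure(); }
                @Override public String getAuthenticationScheme() { return SecurityContext.BASIC_AUTH; }
            });
        }

        private static void reject(ContainerRequestContext ctx) {
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"rest\"")
                    .build());
        }
    }

    /** Back end: the resource acts as the authenticated user, never as "the web server". */
    @Path("/account")
    public static class AccountResource {
        @GET
        @Produces("text/plain")
        public String balance(@Context SecurityContext sc) {
            return "balance for " + sc.getUserPrincipal().getName();
        }
    }

    /** Front end: forward the logged-in user's own credential, not a shared service account. */
    public static String fetchBalance(Client client, String baseUrl, String user, String password) {
        String token = Base64.getEncoder().encodeToString(
                (user + ":" + password).getBytes(StandardCharsets.UTF_8));
        return client.target(baseUrl).path("account")
                .request()
                .header(HttpHeaders.AUTHORIZATION, "Basic " + token)
                .get(String.class);
    }
}
```

Basic authentication is only the simplest carrier for the user's identity and must ride over TLS; a token signed for that user would be checked by the same filter in the same place.  The client certificate still has a job (it stops sniffing and identifies which web server is calling), but with this filter in front of the resources a compromised web server can only act for the users whose credentials it currently holds, not for every user the service knows.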