This is getting boring. Yet another post from Gunnar Peterson where the only thing I can do is copy it verbatim:
Tim Bray on REST:Messages All The Way Down · HTTP is a decent and under-appreciated protocol, but in the end maybe the most important thing is that it forces you to think about the messages and how you exchange them. There’s no pretense that Remote Procedures are being called, or Object Models are being shared; I send you some bits and some metadata about them, and you respond with the same. It turns out that in the HTTP universe, at that point our conversation is over, and that turns out to be a good basis for building applications, but the key thing is putting the messages, rather than what they allegedly stand for, at the centerThat's great - the message is the center - now REST just needs message level security model and mechanisms like WS-Security. SSL is what is usually bandied about as a security model by Restafarians, but we know from Deutsch, Gosling, and Joy that "the network is secure" is the fourth fallacy of distributed computing.
Ok, I admit to being highly skeptical about WS-anything, but that's his area :) The concept however is right: REST is great but totally insecure, and there isn't any way to help that right now, SSL being a famously connection-oriented design that doesn't meet a message-oriented requirement.
( For the record, SOX was more or less a basic form of REST, done in 1995 by Gary Howland. Not because he was some sort of seer or genius, but because that was the only serious way to engineer it. Well, that's what we thought at the time. Maybe he was a genius. )
Posted by iang at May 2, 2007 04:08 PM | TrackBackHmmm, what is a message?
Okay, I'm showing off here, wanting to sound profoundly wise like a kind of pundit.
Essentially I'm asking "What is it that you want to protect". And I'm pretty sure that you don't just want to protect (whatever that may mean) the message (whatever that may mean).
Posted by: Twan at May 2, 2007 05:48 PMIn what way is a REST over SSL application insecure?
Posted by: James A. Donald at May 3, 2007 04:42 PMTwan - SOAP says a message is
"A SOAP message is specified as an XML infoset whose comment, element, attribute, namespace and character information items are able to be serialized as XML 1.0. "
(http://www.w3.org/TR/soap12-part1/)
James - A number of ways, but the main one we are talking about is that whatever foo you have bundled in the REST r/r (identity tokens, sensitive data) is vulnerable if and when SSL is terminated. In your standard corporate data center for example with leveraged infrastructure the SSL is terminated at the outer edge. Of course if you value integrity, SSL doesn't help you there either.
REST/SOA Apps are integrated across hops, so the security model should not be point to point in most cases.
Posted by: Gunnar at May 3, 2007 05:34 PM