Frizz
Reputation: 2544
Web Service Security: REST-interface for PKI (like XKMS for SOAP)
I know there are a lot of new standards for REST-Security, like
- JWE (JSON Web Encryption)
- JWS (JSON Web Signature) or
- JWK (JSON Web Key)
which do, in essence, what WS-Encryption, WS-Signature, etc. do in the SOAP world.
So I thought: What's the equivalent to XKMS in the REST-Security world?
Upvotes: 2
Views: 386
Answers (1)
Shadowman
Reputation: 12069
There is currently, to the best of my knowledge, no equivalent standard (or pseudo-standard, really) for REST. In theory, it shouldn't be hard to create one on your own, should the need arise. However, it's important to have a very good understanding of the fundamentals of PKI to ensure that you're handling things like digital signatures and keys properly.
Upvotes: 1
Related Questions
- User attribute based web service access control by Keycloak
- Securing REST API without reinventing the wheel
- REST based web services security based on HTTP signatures
- Securing webservice with SSL/PKI
- Mutual-authentication with web services
- REST Web Service authentication token implementation
- How to secure RESTful web services?
- REST APIs and message level security
- restful WCF service authentication
- Cross-Platform Web Services Authentication