solutionexchange / DSaaS

REST-style API so any web developer can develop utilizing OpenText Delivery Server (AKA RedDot LiveServer) features without touching DynaMents.

Security Paradigm #3

Open solutionexchange opened 13 years ago

solutionexchange commented 13 years ago

Need to decide on what this will be.

dbaggs commented 13 years ago

I think it makes sense for the API client to log in (if they choose to) as we can then provide personalised results as well as deciding the nature of whether certain information can be exposed or not. The nature of 'how' is more the question here.

For example, would the use of the session key as a cookie be appropriate, or would that cause issues for certain clients as well as make the API stateful? This latter part needs some thinking, as my gut feel is to avoid state within the API but I'm struggling to justify why (beyond the scaling argument).

solutionexchange commented 13 years ago

I think avoiding statefulness as required is good. But if performance can be boosted for a JavaScript client or others that maintain state, the better the client experience should be.