|
Session Details
|
Session ID: |
TS-5295 |
Session Title: |
Designing and Building Security into REST Applications |
Session Abstract: |
So you are considering creating some REST services to make it easy for other applications to mash up with yours. Or maybe you are considering using some existing services in your own applications. This session, for Web application developers, discusses how to design and use REST services securely. It shares some of the experiences and best practices developed in the design of the REST identity services of the OpenSSO security project. The OpenSSO REST security services are deployed and used in many popular Web sites, maybe even your bank's.
The presentation also discusses some common designs found in an investigation of the security features of some popular live REST services. Learn some techniques that will help you build and use REST services securely. It also covers some antipatterns and pitfalls to avoid. It focuses on the security aspects of building and using REST services, shares the experiences of the OpenSSO team, and provides some guidelines on building security into your own REST applications.
What you will get from this session:
• Guidelines based on real-world experience of designing and building security services for REST
• Awareness of key security vulnerabilities to consider
• Practical techniques to apply in your own applications
• A collection of tips and guidelines for beginning to build REST applications securely
|
Track: |
Core Technology: Java EE; Services Web 2.0 Scheduling Track; Services: Web 2.0, Next Generation Web, and Cloud Services Platform |
Duration: |
60 |
Speaker(s): |
Paul Bryan, Sun Microsystems; Sean Brydon, Sun Microsystems, Inc.; Aravindan Ranganathan, Sun Microsystems, Inc. |