Topic: ThoughtWorks "IT Matters" Podcast Discussion / Podcast #4 & #5 Discussion: REST

Hi, great discussion. It’s a discussion we’ve had many times here at work and while for the most part the development team and evanglists have pushed REST exposures of applications, our company security policies have pulled us back to X509 secured WS-* (http://web21c.bt.com). We have been able to expose some of our applications with REST like APIs with some success (http://mojo.bt.com), but we’ve had to look into securing those resources. We ended up using hashing on shared secrets for authentication rather than basic authentication.

I would have been interested for the discussion to include something on securing resources, especially as some of the discussion involved caching of bank details.

Great shout out for PSDs web is agreement =) – http://blog.whatfettle.com/2007/10/31/the_web_is_agreement/

Robbie