The MSDN webcast on geekSpeak: REST and Windows Communication Foundation 3.5 went very well; Since REST is a very broad topic and there were tons of questions, I didn’t get a chance to show all the demos however the sample code can be downloaded from here.
Also, keep an eye on geek speak blog for future updates. Overall. there is a lot of concern about security in REST. I’ll be doing a series of blog posts on security in REST in near future however in the mean time, following resources would be provide a good starting point.
Mark O'Neill's Radio Weblog
Message Level Security in REST
Taking Amazon S3 as a model for secure REST services can be one way to implement security in REST. As mentioned in this article by Eric Heuveneers
“Amazon S3 REST resources are secure. This is important not just for your own purposes, but also because customers are billed depending on how their S3 buckets and objects are used. An AWSSecretKey is assigned to each AWS customer, and this key is identified by an AWSAccessKeyID. The key must be kept secret and will be used to digitally sign REST requests. S3 security features are:
- Authentication: Requests include AWSAccessKeyID
- Authorization: Access Control List (ACL) could be applied to each resource
- Integrity: Requests are digitally signed with AWSSecretKey
- Confidentiality: S3 is available through both HTTP and HTTPS
- Non repudiation: Requests are time stamped (with integrity, it's a proof of transaction)
The signing algorithm is HMAC/SHA1 (Hashing for Message Authentication with SHA1).’
Reference: Introduction to Amazon S3 with Java and REST
Links to the books and reference articles mentioned in the webcast are as follows. Please feel free to send me your questions and comments on my email
Books
- RESTFul .NET
- RESTFul Web Services
References
- The Weekly Source Code 32- Atom, AtomPub and BlogSvc, an AtomPub Server in WCF
- WCF 3.5 Utilities
- WCF 3.5 RSS / ATOM Syndication Support
- Dare Obasanjo aka Carnage4Life - ETech 2005 Trip Report Building a New Web Service at Google
- Defining REST based Formats
- InfoQ Dan Diephouse on Atom, AtomPub, REST and Web Services
- MIX07 Buzzcast #12 - Steve Maine - Navigating the Programmable Web MIX07 Buzzcast Channel 9
- Scott Hanselman's Computer Zen - Web Services
- Showcase of Live ASP.NET MVC Sites - Mike Bosch's Blog on .NET
- The Highs and Lows of REST
- TRUVEO - Complete ASP.NET sample REST Service Calls
- WCF & REST at MIX08 The Tale of MySpace APIs
- WCF Web Programming Model Overview
- WebServiceStudio - Home (CodePlex Project)
- YABE Yet Another Blogging Engine - Home (CodePlex Project)
- WADL (CodePlex Project)