Post Event Resources - MSDN Webcast on REST and WCF

The MSDN webcast on geekSpeak: REST and Windows Communication Foundation 3.5 went very well; Since REST is a very broad topic and there were tons of questions, I didn’t get a chance to show all the demos however the sample code can be downloaded from here.

Sample Code

Also, keep an eye on geek speak blog for future updates. Overall. there is a lot of concern about security in REST. I’ll be doing a series of blog posts on security in REST in near future however in the mean time, following resources would be provide a good starting point.

Mark O'Neill's Radio Weblog
Message Level Security in REST

Taking Amazon S3 as a model for secure REST services can be one way to implement security in REST. As mentioned in this article by Eric Heuveneers

“Amazon S3 REST resources are secure. This is important not just for your own purposes, but also because customers are billed depending on how their S3 buckets and objects are used. An AWSSecretKey is assigned to each AWS customer, and this key is identified by an AWSAccessKeyID. The key must be kept secret and will be used to digitally sign REST requests. S3 security features are:

  • Authentication: Requests include AWSAccessKeyID
  • Authorization: Access Control List (ACL) could be applied to each resource
  • Integrity: Requests are digitally signed with AWSSecretKey
  • Confidentiality: S3 is available through both HTTP and HTTPS
  • Non repudiation: Requests are time stamped (with integrity, it's a proof of transaction)

The signing algorithm is HMAC/SHA1 (Hashing for Message Authentication with SHA1).’

Reference: Introduction to Amazon S3 with Java and REST

Links to the books and reference articles mentioned in the webcast are as follows. Please feel free  to send me your questions and comments on my email