Using MAC Authentication for simple Web APIs consumption
Posted by: Pablo M. Cibraro (aka Cibrax), on 06 Dec 2012
For simple Web API consumption scenarios where identity delegation is not required, traditional HTTP authentication schemes such as basic, certificates or digest are the most used nowadays. All these schemes rely on sending the caller's credentials, or some representation of them, in every request message as part of the Authorization header, so they are prone to phishing attacks if they are not correctly secured at the transport level with HTTPS. In addition, most client applications typically authenticate...