Description
REST API authentication is a set of technologies used by web services to authenticate client requests.
Status Table
The following table categorizes related technologies according to their current lifecycle status.
| | Emerging (Trends to watch) | Strategic (Future) | Tactical (Limited support) | Baseline (Full support) | Containment (Reduced support) | Retirement (Scheduled for retirement) |
|---|---|---|---|---|---|---|
| Software | | | | | | |
| Protocols | | | | TLS Client Certificate Authentication (using application certificates from the UW CA) | Proprietary API authentication protocols; HTTP Basic Authentication (without SSL) | |
| Technical Services | | | | | | |
Note: Refer to the IAM Brick Reference for complete descriptions of the six status designations and common lifecycle patterns.
- Emerging
  - No new technologies have been identified for this designation.
- Strategic
  - OAuth 2.0 is emerging into the environment as a strategically important open standard for delegated access to REST APIs for web, mobile, and data mashup patterns of use.
- Tactical
  - No technologies have been selected for the tactical designation.
- Baseline
  - TLS Client Certificate Authentication using X.509 certificates issued to applications by the UW Services Certificate Authority is a baseline technology used to authenticate API clients.
- Containment
  - Proprietary API authentication protocols have proliferated while open standards
  - HTTP Basic Authentication (without SSL) isn't a secure way to authenticate clients.
- Retirement
  - Any leftover use of OAuth 1.0 should be retired.
Last Review Date
March 27, 2013