Web Service Authentication using OpenID

Question

I\'m going to be developing a REST-ful Web Service for a new public website. The idea behind the web service is to have 3rd parties develop fully functional UIs for the busi

Answer 1

I agree completely that what you want is OAuth; I say that having worked on both OAuth and OpenID systems. I've also been in your boat a few times, having to develop a REST web service api.

For a really good ideas on OAuth, and why it is what you want see these attached article:

These are must read, there are four parts read them all: http://hueniverse.com/oauth/guide/

the RFC, read after reading above as it can be a little daunting for most: http://oauth.net/core/1.0

And then finally maybe some code. I have a couple projects hosted that are using Java/Groovy to do OAuth. One is a plain old OAuth client, the other is a client for specific interactions with NetFlix. http://www.blueleftistconstructor.com/projects/

If you are relatively inexperienced with REST (you haven't built a full scale web api yet) I would recommend that you buy (or better get your boss to) "RESTful Web Services" by Richardson & Ruby. It is an O'Reilly book. I can say that it is one of their better books to debut in the past few years.

It might also help to look at some RESTful OAuth based APIs. The NetFlix API is a perfect example: http://developer.netflix.com/docs

Good luck and happy coding!