OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss-x message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [dss-x] REST binding ?

Hi Andreas,

sunny sundays are so productive ;-)

First of all I do welcome that idea, although ...

  ... these mixed calls (POST with a touch of GET-like parameters) 
irritate me a bit, since I made the experience, that browsers expose 
quite different behaviours with regard to a post with get semantics:

POST URL?QUERY=GETLIKE_PART
POST_DATA

Or did I misunderstand the initial POST example?

But the foremost reaction remains: Interesting.

All the best,
Stefan.

Am 29.05.11 14:32, schrieb Andreas Kuehne:
> Hi all,
>
> we're facing some client demand on REST binding for DSS-like interfaces. Did anyone in the group already worked in this topic ?
>
> Most of the reasons for REST don't sound valid to me ' .. SOAP is bad ... REST is good .. and got more performance ..' But if the client asks for it ...
>
> Designing a REST interface for signing doesn't make real sense to me, as the document to be represented by REST doesn't really exist on a signature server. It's a pure procedure call, no 'State' (the 'S' in REST) involved.
>
> With verification things turned out to be more useful. A signature or the signed document could be seen as the 'State' and the service could return verification information on it. A URL may look like this :
>
> POST http://{server}/dss/rest/verificationStatus/SHA-256:{unique_hash}?signature={sig-value}
>
> The document could be identified by its hash value, the signature and other information will be passed as parameters to a POST request.
>
> This call could create the stateful object by performing the verification. Subsequent calls of the type 'GET'
>
> GET http://{server}/dss/rest/verificationStatus/SHA-256:{unique_hash}
>
> will return the verification outcome. This may especially be handy for verifications that will be done several times on he same document, like code signing or dkim messages. And in fact a REST call may use up little less network and may require a smaller software stack ...
>
> So to me I does make sense to start thinking about standardizing a REST binding for DSS. What's the groups opinions / experiences  ?
>
> Greetings
>
> Andreas
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]