OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss-x message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: Re: [dss-x] REST binding ?


Hi Stefan,

in fact it's not that sunny here in Hannover. But from tommorow on I'll will be in Bonn and can enjoy the famous Rhine vally weather ;-)

Yes, my sample is abit unclear. In case of POST. The parameter should of course be transported by the POST mechanism. 

Greetings

Andreas

----- original Nachricht --------

Betreff: Re: [dss-x] REST binding ?
Gesendet: So, 29. Mai 2011
Von: Stefan Drees<stefan@drees.name>

> Hi Andreas,
> 
> sunny sundays are so productive ;-)
> 
> First of all I do welcome that idea, although ...
> 
>   ... these mixed calls (POST with a touch of GET-like parameters) 
> irritate me a bit, since I made the experience, that browsers expose 
> quite different behaviours with regard to a post with get semantics:
> 
> POST URL?QUERY=GETLIKE_PART
> POST_DATA
> 
> Or did I misunderstand the initial POST example?
> 
> But the foremost reaction remains: Interesting.
> 
> All the best,
> Stefan.
> 
> Am 29.05.11 14:32, schrieb Andreas Kuehne:
> > Hi all,
> >
> > we're facing some client demand on REST binding for DSS-like interfaces.
> Did anyone in the group already worked in this topic ?
> >
> > Most of the reasons for REST don't sound valid to me ' .. SOAP is bad ...
> REST is good .. and got more performance ..' But if the client asks for it
> ...
> >
> > Designing a REST interface for signing doesn't make real sense to me, as
> the document to be represented by REST doesn't really exist on a signature
> server. It's a pure procedure call, no 'State' (the 'S' in REST) involved.
> >
> > With verification things turned out to be more useful. A signature or the
> signed document could be seen as the 'State' and the service could return
> verification information on it. A URL may look like this :
> >
> > POST
> http://{server}/dss/rest/verificationStatus/SHA-256:{unique_hash}?signature=
> {sig-value}
> >
> > The document could be identified by its hash value, the signature and
> other information will be passed as parameters to a POST request.
> >
> > This call could create the stateful object by performing the verification.
> Subsequent calls of the type 'GET'
> >
> > GET http://{server}/dss/rest/verificationStatus/SHA-256:{unique_hash}
> >
> > will return the verification outcome. This may especially be handy for
> verifications that will be done several times on he same document, like code
> signing or dkim messages. And in fact a REST call may use up little less
> network and may require a smaller software stack ...
> >
> > So to me I does make sense to start thinking about standardizing a REST
> binding for DSS. What's the groups opinions / experiences  ?
> >
> > Greetings
> >
> > Andreas
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
> 
> 

--- original Nachricht Ende ----



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]