Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Paradigm #3

Open
solutionexchange opened this issue Dec 23, 2010 · 2 comments
Open

Security Paradigm #3

solutionexchange opened this issue Dec 23, 2010 · 2 comments
Labels
security

Comments

@solutionexchange
Copy link
Collaborator

Need to decide on what this will be.
@dbaggs
Copy link

dbaggs commented Dec 29, 2010

I think it makes sense for the API client to log in (if they choose to) as we can then provide personalised results as well as deciding the nature of whether certain information can be exposed or not. The nature of 'how' is more the question here.

For example, would the use of the session key as a cookie be approriate or whether that causes issues for certain clients as well as make the API stateful. This latter part needs some thinking as my gut feel is to avoid state within the API but I'm struggling to justify why (beyond the scaling argument).

@solutionexchange
Copy link
Collaborator Author

I think avoiding statefulness as required is good. But if performance can be boosted for JavaScript client or others that maintain state the better the client experience should be.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dbaggs