Is OAuth irrelevant when HTTPS is used?
I am designing a RESTful API which will always communicate over HTTPS. Is there any reason to use a scheme like OAuth when running over HTTPS? I am particularly interested whether or not aspects like HMAC-signed requests, nonces, and timestamps are useful when the entire communication is encrypted.
It seems like any authentication scheme over HTTPS is sufficient but I just wanted to get a second opinion.
16
задан John Cromartie 24 March 2011 в 14:05
поделиться
0 ответов
Другие вопросы по тегам: