Ian Bicking: the old part of his blog

Re: HTTP(ish) all the way down

It's some what off-topic, but I've been trying to figure out how to do simple, RESTful, yet secure authentication for xmlrpc.

Take, for example, the Blogger API. Sends passwords via plaintext for each API hit. RESTful, but not secure. You can make it more secure with a back-and-forth digest authentication model, but then it's not really RESTful.

Thoughts on that?

Comment on HTTP(ish) all the way down
by Ken Kinder