× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WEB400
  3. May 2015

IBM i authentication and RESTful web service design

I am trying to understand in-depth how to develop RESTful web services using CGI programming on the IBM i.

I am using Fielding's dissertation (https://www.ics.uci.edu/~fielding/pubs/dissertation/fielding_dissertation.pdf) as my primary source for what constitutes REST architectural constraints. One constraint is statelessness. On pages 78-79 of his dissertation, he writes:

"We next add a constraint to the client-server interaction: communication must be stateless in nature...such that each request from client to server must contain all of the information necessary to understand the request, and cannot take advantage of any stored context on the server. Session state is therefore kept entirely on the client."

"This constraint induces the properties of visibility, reliability, and scalability. Visibility is improved because a monitoring system does not have to look beyond a single request datum in order to determine the full nature of the request. Reliability is improved because it eases the task of recovering from partial failures. Scalability is improved because not having to store state between requests allows the server component to quickly free resources, and further simplifies implementation because the server doesn't have to manage resource usage across requests."

The IBM i requires every person or system that accesses it's resources to provide a user name and password. Consequently, it seems to me the client has to store credentials associated with a session, so the user doesn't have to fill out  a new login form for each request to the server. It also seems to me the client has to pass user credentials within each request it makes to a web service on the IBM i that uses CGI programs.

Here are my questions:


1.       Am I mistaken that stateless communication requires clients to pass user credentials on each request to the server? If not, how do you avoid passing user credentials on each request while keeping all session information on the client? Maybe I'm missing something obvious. (I'm still a newbie in this area.)

2.       What kind of performance hit, if any, does one take by having to pass user credentials with each request to the IBM i?


3.       Does anyone have suggestions from personal experience, or know some good resources to read, regarding user authentication for web services built on RPG/COBOL CGI programs?

Thanks,

Kelly Cookson
IT Project Leader
Dot Foods, Inc.
1.217.773.4486 ext. 12676
kcookson@xxxxxxxxxxxx<mailto:kcookson@xxxxxxxxxxxx>

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.