Topic: Restful authentication and authorization design

Hi! I'm newbie and i'm trying to think of an app completely rest. Once I've identified the resources, i'm starting to think about how to authenticate users to authorize them to use differents app methods (actions).

For example, if i have users and posts and i want to:

-Control that a user is actually a registered user and logged into the system.

-When a user invokes a Restfull service method (url), control that current users has the correct permissions to execute that method.

How do i design this basics things truly restfull?, i have to include information about the current user in the URL every time i invoke a rest method or its implicit in some way?


Re: Restful authentication and authorization design

Joe got a job, on the day shift, at the Utility Muffin Research Kitchen, arrogantly twisting the sterile canvas snout of a fully charged icing anointment utensil.