Due to their simplicity and ease of use, RESTful web services have emerged as a promising alternative to SOAP-based web services. In RESTful web services, data is transferred directly over HTTP. Standard HTTP methods such as GET, PUT and DELETE are used to represent the operations. In this presentation, I will introduce a few REST APIs implemented by the WEG for authentication against UCAR auth servers and for interaction with People DB.

Auth REST API provides an easy way for developers to authenticate users of their applications against UCAR auth servers such as Kerberos using a password as well as Radius server using Crytocard and Yubikey. Auth REST API can be used in Java, .net/#C, C, PHP, Perl, Ruby, Python and any other language that supports HTTP. Auth REST API makes back end auth servers transparent to the applications, making it easy for applications to support multiple authentication mechanisms and minimizing changes required to support future auth servers. Libraries have been provided to integrate with third party applications such as Jira and the Confluence wiki.

People REST API provides programmatic access to core authoritative UCAR data about people (staff, visitors and collaborators), organizations, groups, logons, mail aliases, mailboxes and mailman lists. UCAR software engineers, web developers, and sys admins can utilize this data to build increasingly collaborative, role-based, and secure applications. Data in People DB is updated in near real time as employees and visitor records are created, modified and inactivated after departure. People DB synchronizes data between authoritative sources and downstream data products such as LDAP.

Together with Auth REST API, People REST API makes it possible to achieve authn and authz using shared UCAR core data as well as industry standard technology such as Kerberos and LDAP.