Table of Contents


Marco Parenzan April 20, 2009 at 8:44 am

What about security

Marco Parenzan


Ramesh May 26, 2009 at 9:05 pm

Yes. There is no book or blog that covers the security aspects of RESTful web services. I wonder how REST works in the case of statefulness? Certainly caching will not be possible.

I would love to see:
* How to prevent Request Throttling
* How to provide data protection, data Integrity & end user privacy

It will be great if you can provide a reviewer copy of your book? Certainly once the book is released I will purchase it :)



subbu May 26, 2009 at 9:10 pm

Thanks for the suggestions. We will try to address those questions as well.

As we finish up the first draft of the book, we will try to get a draft out through O’Reilly’s Rough Cuts program. Please stay tuned.


Henry June 5, 2009 at 12:15 am

Will this book also discuss JSR311 JAX-RS?
For example showing how to use Jersey ( to quickly expose REST web service for your web application


subbu June 5, 2009 at 12:22 am

We are trying to stay away from any particular dev framework. There are other books that are focusing on dev-level details. We are instead focusing on protocols, and on client-side and server-side design problems and solutions.


Hedge July 31, 2009 at 9:56 am

Not sure if it has been seen but I mentioned in another comment that it would be helpful to have your thoughts and insights on:
a) RESTful services and the CAP theorem (side effects etc.).
b) ‘Good’ RESTful designs for the use of webhooks and the delegated authorization that arises in such contexts, e.g. oauth.


Colin Jack August 13, 2009 at 6:11 pm

Excellent set of topics and great that you’ll be putting it out on O’Reilly’s Rough Cuts.


Antonio December 19, 2009 at 11:27 pm

I know this isn’t a popular topic, but shouldn’t the use of REST over protocols besides HTTP be mentioned, maybe as an addendum or appendix?


subbu December 20, 2009 at 12:07 am

This is one of the topics excluded particularly due to the lack of a sufficient experience that can be distilled into recipes applicable to a broad audience.


Yuva Chandolu November 18, 2010 at 6:26 pm

In Basic Authentication (Page 218), it is mentioned that “if the client knows a priori that the server requires basic auth for a resource, it can include the authorization header with each request to avoid a 401 error”. Can the same approach be taken with Digest Authentication? – at least if we are ok to disregard nonce and qop? What are the pros and cons of this approach?


Subbu Allamaraju November 27, 2010 at 10:49 pm

In the case of digest auth, how can the client unilaterally decide to ignore the nonce?
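An added example (not code from the book, the blog, or either commenter) illustrating the point of the exchange above: a Basic credential is self-contained, so a client that knows the resource is protected can send it before any challenge, whereas an RFC 2617 Digest response is computed over a nonce the server chose, so a client cannot pre-compute one without first receiving a challenge. The realm, user, password and URI are constructed values; the server keeps only an in-memory set of issued nonces and does no expiry or nonce-count checking.

```python
"""Basic vs. Digest preemptive authentication (constructed example).

Shows why a client can send Basic credentials without a challenge but
cannot "ignore the nonce" in Digest: the server only accepts a response
computed over a nonce it issued itself.
"""
import base64
import hashlib
import secrets

REALM = "cookbook-example"              # constructed realm name
USERS = {"alice": "correct horse"}      # constructed credential store


def md5_hex(s: str) -> str:
    # RFC 2617 Digest uses MD5 by default; shown for protocol fidelity only.
    return hashlib.md5(s.encode()).hexdigest()


def basic_header(user: str, password: str) -> str:
    """Client side: Basic needs no server input, so it can be sent preemptively."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def digest_fields(user: str, password: str, method: str, uri: str, nonce: str,
                  nc: str = "00000001") -> dict:
    """Client side: the response binds the credentials to the server's nonce."""
    cnonce = secrets.token_hex(8)
    ha1 = md5_hex(f"{user}:{REALM}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    response = md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
    return {"username": user, "realm": REALM, "nonce": nonce, "uri": uri,
            "qop": "auth", "nc": nc, "cnonce": cnonce, "response": response}


class Server:
    """Minimal server: accepts Basic at any time, Digest only with its own nonce."""

    def __init__(self) -> None:
        self.issued_nonces: set[str] = set()

    def challenge_digest(self) -> str:
        # The server, not the client, chooses the nonce; this is what lets it
        # reject responses it never challenged for (and detect replay with nc).
        nonce = secrets.token_hex(16)
        self.issued_nonces.add(nonce)
        return nonce

    def check_basic(self, header: str) -> bool:
        scheme, _, token = header.partition(" ")
        if scheme != "Basic":
            return False
        user, _, password = base64.b64decode(token).decode().partition(":")
        expected = USERS.get(user)
        return expected is not None and secrets.compare_digest(expected, password)

    def check_digest(self, method: str, uri: str, fields: dict) -> bool:
        if fields.get("nonce") not in self.issued_nonces:
            return False                    # nonce we never issued: reject outright
        user = fields.get("username", "")
        if user not in USERS:
            return False
        ha1 = md5_hex(f"{user}:{REALM}:{USERS[user]}")
        ha2 = md5_hex(f"{method}:{uri}")
        expected = md5_hex(
            f"{ha1}:{fields['nonce']}:{fields['nc']}:{fields['cnonce']}:auth:{ha2}")
        return secrets.compare_digest(expected, fields.get("response", ""))


def demo(password: str = "correct horse") -> tuple:
    """Returns (preemptive Basic ok, preemptive Digest ok, Digest after challenge ok)."""
    server = Server()
    # 1. Basic sent without any 401 challenge: accepted.
    preemptive_basic = server.check_basic(basic_header("alice", password))
    # 2. Digest with a nonce the client invented (no challenge): rejected.
    guessed = digest_fields("alice", password, "GET", "/orders/1", nonce="client-made-up")
    preemptive_digest = server.check_digest("GET", "/orders/1", guessed)
    # 3. Digest computed over a nonce the server actually issued: accepted.
    nonce = server.challenge_digest()
    challenged = digest_fields("alice", password, "GET", "/orders/1", nonce)
    after_challenge = server.check_digest("GET", "/orders/1", challenged)
    return preemptive_basic, preemptive_digest, after_challenge


if __name__ == "__main__":
    print(demo())
```

The nearest Digest gets to "preemptive" is that, once a client has received a challenge, it may reuse that server-issued nonce on subsequent requests with an incremented `nc` value for as long as the server keeps accepting it; what it cannot do is skip the first challenge, which is the point of the reply above.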


navindian December 27, 2010 at 7:28 am

Hello subbu,
I wish to know more details on JAX-RS clients.
Our requirement is a device, which would be embedded in a gas station. It needs to talk to the JAX-RS web service. Here the programming language of the client is C.


Subbu Allamaraju December 27, 2010 at 10:26 pm

For JAX-RS questions, check out Bill Burke’s “RESTful Java with Jax-RS” (

