I built an iPhone app which transfers data via a REST web service (Jersey) via JSON objects to a Java middle tier back end...
(1) What is the best way to secure the login / authentication of this iPhone App?
(2) Is there an open source or commercial framework used to acquire this type of functionality?
So far I have come across OAuth, SAML and REST Identity Services
(3) Will this framework require SSL?
(4) Does it validate the client (not just the user)?
(5) Am I going about this the wrong way? Meaning should I just use an encrypted token which is required for every single REST call and install SSL?
Would really appreciate this if someone understands my plight and can help... I know that this can be done somehow on an iPhone app because Bank of America and Amazon have this same type of login feature and security.
Problem sending Apple Push Notification using Java and REST