Best Security Framework to secure and authenticate an iPhone app which uses REST?

Best Security Framework to secure and authenticate an iPhone app which uses REST?

I built an iPhone app which transfers data via a REST web service (Jersey) via JSON objects to a Java middle tier back end...


(1) What is the best way to secure the login / authentication of this iPhone App?

(2) Is there an open source or commercial framework used to acquire this type of functionality?

So far I have come across OAuth, SAML and REST Identity Services

(3) Will this framework require SSL?

(4) Does it validate the client (not just the user)?

(5) Am I going about this the wrong way? Meaning should I just use an encrypted token which is required for every single REST call and install SSL?

Would really appreciate this if someone understands my plight and can help... I know that this can be done somehow on an iPhone app because Bank of America and Amazon have this same type of login feature and security.

Happy coding,


Problem sending Apple Push Notification using Java and REST


Given a view, how do I get its viewController?
I did a demo at JavaOne at the beginning of June that used Jersey on the server, OAuth (via OpenSSO) and a JavaFX client. controls for iPhone development
The code is somewhat experimental, but it might be useful to you - see this blog entry - especially comment #2.

Generating Random Numbers in Objective C for iPhone SDK
There's also a video that explains it at a high level.

Obj-C… “Incompatible types in initialization” error
I used XML, but, since OAuth works at the HTTP level, it works equally well for JSON..
Javascript sort with function not working on iPhone
BTW - there's an Objective C OAuth Consumer implementation - I haven't used it, but Pownce did..
SubViewTwoController undeclared (first use in this function) (obj-c)

UITableView+UINavigationBar+UITabbar in windows based application template using interface Builder?


Many SSO schemes rely on url redirects that can be problematic in iPhone apps.

Pownce folks tried using OAuth in their app and apparently the experience was confusing to the user.

After some research I settled on an approach based on secure WSSE username tokens, the same approach that is used in Atom apps.



94 out of 100 based on 84 user ratings 334 reviews