
Two Ruminations about OData Security
5:13pm - 10/05/2014

There are a lot of REST(ful) APIs in the Wild Web.  In testing well-formed OData-formatted URLs, I have been trying ABNF translated to REGEX (both the C# class and the VB rules).  The translation is interesting but the speed of parsing is quite acceptable for performance.  Now it seems likely that a lot of developers will look at OData version 4 and think there may be a bloat of features.  One person's feature-rich protocol may be another's bloat.  The concern is that, through partial protocol implementations, or indeed through code clones or forking of REST APIs, an OData-like protocol will be developed by, say, a shadow developer pod: one that is non-compliant not just with the OData specification levels but with the spirit of a likely global standard.  All the regular software engineering issues of reusability, maintainability, etc. would apply to shadow code.


The second rumination is on security extensions of the ABNF to include individual government or individual company extensions.  What comes to mind is, say, $ENCRYPT and/or $COMPRESS.  These extensions to the ABNF would be independent of the global standard protocol but would allow for alternative OData protocol use specific to a given user community or specific use.  With benevolent contributors to the protocol, greater richness of features could be possible without compromising the Levels of Compliance of OData version 4.  There may be a large number of extensions possible.  Most coders now use compression as a 'poor man's' encryption and for some browser or other protocol issues.
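Both ruminations can be made concrete with a small checker: the sketch below is an added example in Python, not the C# class or VB rules mentioned in the post. It hand-translates three ABNF value rules into regular expressions and separates standard options from `$`-prefixed extensions such as $ENCRYPT and $COMPRESS. The function names, verdict labels, the sample URL, the lower-case-only name matching and the reduced option list are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# ABNF value rules hand-translated to regex. [0-9] is used instead of \d
# because \d also matches non-ASCII digits, which ABNF DIGIT does not.
VALUE_RULES = {
    "$top": re.compile(r"[0-9]+"),                      # 1*DIGIT
    "$skip": re.compile(r"[0-9]+"),                     # 1*DIGIT
    "$count": re.compile(r"true|false", re.IGNORECASE), # "true" / "false"
}
# Standard option names whose values this sketch does not validate.
NAME_ONLY = {"$filter", "$expand", "$select", "$orderby",
             "$search", "$format", "$skiptoken", "$id"}

def classify_options(url):
    """Return [(name, verdict), ...] for every query option in the URL."""
    results = []
    query = urlsplit(url).query
    # parse_qsl percent-decodes, so %24top is treated the same as $top.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in VALUE_RULES:
            ok = VALUE_RULES[name].fullmatch(value) is not None
            verdict = "standard" if ok else "malformed"
        elif name in NAME_ONLY:
            verdict = "standard-unchecked"
        elif name.startswith("$"):
            # The "$" prefix is reserved for system query options, so a
            # strict OData v4 service would not recognise these names.
            verdict = "nonstandard-extension"
        elif name.startswith("@"):
            verdict = "alias"   # parameter alias, e.g. @p1=3
        else:
            verdict = "custom"
        results.append((name, verdict))
    return results

def nonstandard_options(url):
    """Names a partial or forked implementation added on its own."""
    return [n for n, v in classify_options(url) if v == "nonstandard-extension"]

# Constructed sample request, not taken from a real service.
SAMPLE_URL = ("https://example.test/odata/Products"
              "?$top=10&$skip=abc&$ENCRYPT=aes&$COMPRESS=gzip&tenant=7")

if __name__ == "__main__":
    for name, verdict in classify_options(SAMPLE_URL):
        print(f"{name:12} {verdict}")
```

Running the same check against a service's documented URLs is one way to see where a fork has drifted from the standard option set.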


Just some ruminations.  I invite your considerations. 
