Best Security Framework to secure and authenticate an iPhone app which uses REST?

Question

I built an iPhone app which transfers data via a REST web service (Jersey) via JSON objects to a Java middle tier back end...

Question(s):

(1) What is the best

Answer 1

I did a demo at JavaOne at the beginning of June that used Jersey on the server, OAuth (via OpenSSO) and a JavaFX client. The code is somewhat experimental, but it might be useful to you - see this blog entry - especially comment #2. There's also a video that explains it at a high level. I used XML, but, since OAuth works at the HTTP level, it works equally well for JSON.

BTW - there's an Objective C OAuth Consumer implementation - I haven't used it, but Pownce did.

Answer 2

Many SSO schemes rely on url redirects that can be problematic in iPhone apps. Pownce folks tried using OAuth in their app and apparently the experience was confusing to the user. After some research I settled on an approach based on secure WSSE username tokens, the same approach that is used in Atom apps. Enjoy.