Issues

ZF-10145: Authentication & Authorization

Description

Zend_AMF_Server include an authentication & an authorization part based on Zend_Auth & Zend_ACL.

Zend_SOAP_Server & Zend_REST_Server doesn't include authentication & authorization... This is really missing.

Example : I have a Service_User class & methods CRUD with other specifics methods like "getUserBooks" or "getallowedUsers".

CRUD functions shouldn't be public, because they involve database integrity; counter to specifics methods.

SOAP / REST Server can take functions or classes. It could be really usefull to setup some ACL on this methods or services..

That all folks.

Comments

In what way are authentication & authorization part of the SOAP protocol specification or the REST architectural style?