I'm speaking with Vikas Jain from Oracle at Java One (co-located with Oracle Open World this year) on the topic of REST Security. The session link is below:
(or go to the main catalog page and paste the Session ID 314100 into the search form).
We'll be talking about threats and countermeasures for REST Web Services. We will also discuss the various REST authentication schemes being used by Cloud service providers today. Some of these authentication schemes (in particular that used by Amazon Web Services) is as close to an "industry standard" for REST authentication as we have now. Say what you like about the WS-Security bloat, but at least it is an open standard, whereas for REST authentication there isn't one yet (unless you count HTTP Auth). But organizations realize that they can gain an advantage by providing a REST API and opening it up to the largest amount of (authenticated) users. So here at Vordel we have customers using our Gateway for REST authentication today, so that they can provide REST authentication and navigate the current world of REST security.