The standard HTTP Authentication for SOAP passes the password etc. in cleartext, and I'm looking for an alternative, possibly a key-based mechanism to authenticate web services in lieu of the password.

OAuth is gaining a lot of popularity; would it be appropriate, and how would I implement it? Or perhaps there are other methods I should use.

The project itself is relatively simple, with just one or two methods to be exposed, but security is of the utmost importance.

+2  A: 

I don't see why not. All the OAuth parameters can go directly in the URL so that pretty much means it can work with just about any service API. You'll just have to validate the various bits and pieces (oauth_consumer_key, oauth_nonce, oauth_timestamp and oauth_signature) within your service's controllers.

d11wtq
You can also pass the parameters in other parts of the request, such as the headers.
d11wtq
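
The checks named in the answer (oauth_consumer_key, oauth_nonce, oauth_timestamp, oauth_signature), sketched server-side for a two-legged OAuth 1.0 HMAC-SHA1 request. This is an added example, not code from the thread. The consumer table, the skew window, the in-memory nonce cache and the sample URL are assumptions, and `url` is taken to be the already-normalized base URL without a query string.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

# Constructed sample data: consumer key -> shared secret (assumed to live server-side).
CONSUMER_SECRETS = {"demo-consumer": "demo-secret"}
MAX_SKEW = 300          # assumed window: seconds a timestamp may differ from server time
_seen_nonces = set()    # in-memory replay cache; a real service needs a shared store with expiry

def _enc(s):
    # RFC 3986 percent-encoding as OAuth 1.0 requires: only unreserved characters stay literal
    return quote(str(s), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret=""):
    """Compute the OAuth 1.0 HMAC-SHA1 signature over method, URL and parameters."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), _enc(url), _enc(normalized)])
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def verify(method, url, params, now=None):
    """Return (ok, reason) for an incoming request's OAuth parameters."""
    now = time.time() if now is None else now
    secret = CONSUMER_SECRETS.get(params.get("oauth_consumer_key"))
    if secret is None:
        return False, "unknown consumer"
    if params.get("oauth_signature_method") != "HMAC-SHA1":
        return False, "unsupported signature method"
    try:
        ts = int(params["oauth_timestamp"])
    except (KeyError, ValueError):
        return False, "bad timestamp"
    if abs(now - ts) > MAX_SKEW:
        return False, "stale timestamp"
    expected = sign(method, url, params, secret).encode()
    supplied = params.get("oauth_signature", "").encode()
    if not hmac.compare_digest(expected, supplied):   # constant-time comparison
        return False, "bad signature"
    # Record the nonce only after the signature checks out, so unauthenticated
    # requests cannot fill the replay cache.
    nonce = params.get("oauth_nonce")
    if not nonce or (params["oauth_consumer_key"], ts, nonce) in _seen_nonces:
        return False, "replayed or missing nonce"
    _seen_nonces.add((params["oauth_consumer_key"], ts, nonce))
    return True, "ok"
```

The signature covers only the method, URL and these parameters, so a SOAP XML body is not integrity-protected by it, and the request still needs TLS for confidentiality.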