I am a proponent of REST from a simplicity perspective. However, the lack of WS-Security standards support leaves something to be desired with respect to the security capabilities of REST when compared to SOAP.
SSL probably provides for sufficient protection of the communication channel, but pure REST does not provide for very robust authentication. Most REST security models rely on shared-secret keys, as opposed to a more robust certificate-based authentication mechanism. WS-Security and related standards, on the other hand, provides much more capability in this regard.
Additionally, there are some things, stateful transactions or workflows, branching service invocations, guaranteed message deliveries, and others, that just can't be done well with REST.
If REST is to be considered, the use cases need to be carefully considered for when REST is appropriate and when it is not.
From: gerald.gray
Posted: Wednesday, June 10, 2009 2:51 PM
Subject: AMI-ENT support for REST
Please review the attached document for thoughts on using REST for the development of AMI-ENT artifacts and feel free to add your thoughts to this thread.