Authentication is to verify users are really whom they claim they are. Since its inception, HTTP(s) has used different approaches like BASIC authentication, Form based authentication. Both require passing the user name and password from the client to the server. It’s definitely not good idea to use HTTP because the password is passed as it is or with very limited encoding like BASE64 – very easy to intercept the IP packets and extract out the password. When HTTPs is used, it’s much harder to get the password as all the traffic are encrypted. Still it’s subject to attacks like man-in-the-middle.
My company has created products like vSearch ("Super vCenter"), vijavaNG APIs, EAM APIs, ICE tool. We also help clients with virtualization and cloud computing on customized development, training. Should you, or someone you know, need these products and services, please feel free to contact me: steve __AT__ doublecloud.org.
Me: Steve Jin, VMware vExpert who authored the VMware VI and vSphere SDK by Prentice Hall, and created the de factor open source vSphere Java API while working at VMware engineering. Companies like Cisco, EMC, NetApp, HP, Dell, VMware, are among the users of the API and other tools I developed for their products, internal IT orchestration, and test automation.