CTSC Recommended Security Practices for Thrift Clients: Case Study - Evernote

The Science Gateway Platform (SciGaP, scigap.org ) will provide services to help communities create Science Gateways. SciGaP (via Apache Airavata) will use the Apache Thrift framework ( thrift.apache.org ), a language independent, richly typed interface definition language (IDL) to generate both client and server software development kits (SDKs). Thrift takes a departure from many public services in that it is not a RESTful( http://en.wikipedia.org/wiki/Representational_state_transfer ) API. To gain a better understanding of Thrift (for the CTSC-SciGaP engagement), we examine an existing application/service that uses it: Evernote (evernote.com). Hopefully, the design and use cases of Evernote will help inform the design and use cases of SciGaP, at least from a security perspective. This document provides an overview of Evernote with an emphasis on its Cloud API, some examples of its SDKs, and a list of recommended practices for using Evernote.
cybersecurity, science gateways
Link(s) to data and video for this item
This work is made available under the terms of the Creative Commons Attribution 3.0 Unported License.
Technical Report