I'm currently working on a project that is developing a UI using the Ext JS framework to produce a one-page application. We are considering creating a RESTful API specific to the application and leveraging the container-based SAML configuration (a corporate standard) to secure both the UI and the service. This would entail maintaining some user state within the service with the help of a filter. Even though the service would be dedicated to the UI (at least for the time being), it does go against REST statelessness. What is the preferred security pattern for a REST API for one-page JavaScript applications?
Thanks!
Doug