I'm building an application system which consists of a server part "in the cloud" and a client part, e.g. an iPhone or Android app or a web browser.

我正在构建一个应用程序系统，它由“在云中”的服务器部分和客户端部分组成，例如 iPhone 或 Android 应用程序或 Web 浏览器。

Server side is implemented in PHP (LAMP) and is today a very simple server with a number of php-files serving each type of method request like: getCustomers.php, addNewCustomer.php and so on. Also, up until now, no security mechanism has been used whatsoever and the ISP hosting the server do not provide SSL. That's right, SSL is not an option for security.

服务器端是用 PHP (LAMP) 实现的，现在是一个非常简单的服务器，有许多 php 文件为每种类型的方法请求提供服务，例如：getCustomers.php、addNewCustomer.php 等等。此外，到目前为止，还没有使用任何安全机制，托管服务器的 ISP 不提供 SSL。没错，SSL 不是安全选项。

Now, I want to gear up my old system and make it:
1) True RESTful service, and
2) Add security, users must be authenticated and authorized, but passwords in plain text is of course not acceptable.

现在，我想升级我的旧系统并使其：
1）真正的 RESTful 服务，以及
2）添加安全性，用户必须经过身份验证和授权，但纯文本密码当然是不可接受的。

My question simply is, how do I achieve and realize point 1) and 2) above? Is there any tutorial, book chapter or blog article that describes this combined in a single piece? Or do I need to collect information sprinkled all over the web and then try to combine them the best I can?

我的问题很简单，我如何实现和实现上面的 1) 和 2) 点？是否有任何教程、书籍章节或博客文章将其组合成一个整体来描述？或者我是否需要收集散布在整个网络上的信息，然后尽我所能地将它们组合起来？

And please, if you know the answer, and now I hope I'm not too rude, do not just say oAuth this or openID that, instead I would appreciate a lucid explanation of the how or pointers to e.g. blog articles explaining this. Needless to say I have searched the web like a maniac but have, to my big surprise, not been able to find a good answer!?

请，如果你知道答案，现在我希望我不是太粗鲁，不要只说 oAuth this 或 openID that，相反，我希望能清楚地解释如何解释或指向例如解释这一点的博客文章。不用说，我像疯子一样在网上搜索，但令我惊讶的是，找不到好的答案！？

Regards,
Steve

问候，
史蒂夫