As REST needs to be stateless :
The client–server communication is further constrained by no client context being stored on the server between requests. Each request from any client contains all of the information necessary to service the request, and any session state is held in the client.
We needed to add a new authentication provider in symfony2 in accordance with this constraint. We chose WSSE.
This article describes how to configure WSSE, how to mix it with FOSRestBundle and how to test it with Google Chrome.