We have apache CXF configured RESTful services for our application. Now the requirement is to secure the web services and that too in a manner that WS client doesn't need to send username password in each request. So I decided to go with Oauth two legged and spring security. I have following questions:

1. is this combination feasible as i didnt find any blog/discussion with such a combination.
2. google code base : http://code.google.com/p/cxf-spring-security/ has done spring security integration with CXF WS (SOAP) does it also works for REST.
3. for two legged oauth should i go for oauth 1.0a or oauth 2.0.

I am trying to find a feasible solution but not sure whether i am going in right direction. Kindly suggest.

Thanks,
Abhishek