Applying Security for RESTful Web Services – Limitations and Delimitations

The Service Oriented Architecture (SOA) becomes an essential element of modern Enterprise Application Integration (EAI). Among the available SOA implementations, Web Services are most preferable choice by the enterprises as they operate on simple Internet protocols. In principle, web services use SOAP protocol as a base for transmitting requests and responses in between service requester and service provider. In recent years, another kind of web services, RESTful web services, are emerging that is even simpler as it uses normal HTTP methods and URIs. Many security solutions for SOAP web services are already exists in market as products and standards; and also many researches are still going on. The RESTful web service is not a standard and it does not contain any security components within it. Research scholars and product based corporations are providing security recommendations for RESTful web services. However, there is no standard security solution defined as of now. And also applying security for RESTful web services is not a straight forward approach; there are few limitations and delimitations that we should consider in developing a security solution for RESTful web services. This paper analyses those limitations and delimitations with the authors’ practical implementation experience of applying security to RESTful web services. Keywords— RESTful Web Services, Security, Secure Web