RESTful Security

Author

  • Dan Forsberg
Abstract

We take a look into the REST architectural style of making scalable web applications and find out the critical requirements that mismatch with the current web security and privacy architecture. One of the core challenges is the inability of the web security model to scale up with caching when millions of users share confidential data inside communities. Our contribution includes a new solution for achieving RESTful security for web architecture without secure URLs. The solution scales up the performance of web services that require confidentiality protection and relaxes the security requirements for data storage networks by separating the access control decision from the data request.

Keywords: REST, web security, TLS, web caching, user privacy, key hierarchy, key derivation


Similar resources

Applying Security for RESTful Web Services – Limitations and Delimitations

The Service Oriented Architecture (SOA) becomes an essential element of modern Enterprise Application Integration (EAI). Among the available SOA implementations, Web Services are the most preferable choice by the enterprises as they operate on simple Internet protocols. In principle, web services use the SOAP protocol as a base for transmitting requests and responses in between service requester and se...


A Novel Approach to Implement Message Level Security in RESTful Web Services

The world is rapidly adopting RESTful web services for most of its tasks. The once popular SOAP-based web services are fast losing ground owing to this. RESTful web services are lightweight services without strict message formats. RESTful web services, unlike SOAP, are capable of message transfer in any format, be it XML, JSON, or plain text. However, in spite of these positives, ensuring message ...


Efficient Attribute Based Access Control for RESTful Services

The popularity of REST grows more and more and so does the need for fine-grained access control for RESTful services. Attribute Based Access Control (ABAC) is a very generic concept that covers multiple different access control mechanisms. XACML is an implementation of ABAC based on XML and is established as a standard mechanism. Its flexibility opens the opportunity to specify detailed security...


Model-driven Testing of RESTful APIs

In contrast to the increasing popularity of REpresentational State Transfer (REST), systematic testing of RESTful Application Programming Interfaces (API) has not attracted much attention so far. This paper describes different aspects of automated testing of RESTful APIs. Later, we focus on functional and security tests, for which we apply a technique called model-based software development. Ba...


Introducing a Dynamic Federation Model for RESTful Cloud Storage

This paper presents a solution for RESTful cloud storage in a dynamic identity federation. With dynamic federations, Cloud Service Providers are able to find Identity Providers autonomously in the cloud in order to make services flexible, scalable and interoperable. By combining a Representational State Transfer architecture with SAML-based identity federation, a distributed and decentralized c...



Publication date: 2009