Conference paper

On the Security Expressiveness of REST-Based API Definition Languages


Author list: Nguyen, Hoai Viet; Tolsdorf, Jan; Lo Iacono, Luigi

Published in: Trust, Privacy and Security in Digital Business

Editor list: Lopez, J.; Fischer-Hübner, S.; Lambrinoudakis, C.

Year of publication: 2017

Pages: 215-231

ISBN: 978-3-319-64482-0

eISBN: 978-3-319-64483-7

DOI link: https://doi.org/10.1007/978-3-319-64483-7_14

Conference: 14th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2017)

Series title: Lecture Notes in Computer Science

Series volume: 10442


Abstract

Modern software is inherently distributed. Applications are decomposed into functional components of which most are provided by third parties usually deployed as software services scattered around the network. Available services can be discovered and orchestrated by service consumers in a flexible and on-the-fly manner. To do so, a standardized specification of the service’s functionalities is required. Apart from functional aspects, such an interface definition language needs to offer expressions for specifying important non-functional facets in addition, such as security. With WSDL and WS-Security such a standardized service description language and a mature security framework are available for the SOAP domain. For REST-based web services such standards are, however, missing. To overcome these shortcomings, many distinct sources propose service description languages and security schemes for REST-based web services. This paper provides a systematic analysis of these languages with a specific focus on their ability to express security policies. The obtained results reveal substantial limitations in all analyzed specification languages.




Citation styles

Harvard citation style: Nguyen, H., Tolsdorf, J. and Lo Iacono, L. (2017) On the Security Expressiveness of REST-Based API Definition Languages, in Lopez, J., Fischer-Hübner, S. and Lambrinoudakis, C. (eds.) Trust, Privacy and Security in Digital Business. Cham: Springer. pp. 215-231. https://doi.org/10.1007/978-3-319-64483-7_14

APA citation style: Nguyen, H., Tolsdorf, J., & Lo Iacono, L. (2017). On the Security Expressiveness of REST-Based API Definition Languages. In Lopez, J., Fischer-Hübner, S., & Lambrinoudakis, C. (Eds.), Trust, Privacy and Security in Digital Business. (pp. 215-231). Springer. https://doi.org/10.1007/978-3-319-64483-7_14


Last updated 2025-05-08 at 15:50