Conference paper

On the Security Expressiveness of REST-Based API Definition Languages


Authors list: Nguyen, Hoai Viet; Tolsdorf, Jan; Lo Iacono, Luigi

Appeared in: Trust, Privacy and Security in Digital Business

Editor list: Lopez, J.; Fischer-Hübner, S.; Lambrinoudakis, C.

Publication year: 2017

Pages: 215-231

ISBN: 978-3-319-64482-0

eISBN: 978-3-319-64483-7

DOI Link: https://doi.org/10.1007/978-3-319-64483-7_14

Conference: 14th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2017)

Title of series: Lecture Notes in Computer Science

Number in series: 10442


Abstract

Modern software is inherently distributed. Applications are decomposed into functional components of which most are provided by third parties usually deployed as software services scattered around the network. Available services can be discovered and orchestrated by service consumers in a flexible and on-the-fly manner. To do so, a standardized specification of the service’s functionalities is required. Apart from functional aspects, such an interface definition language needs to offer expressions for specifying important non-functional facets in addition, such as security. With WSDL and WS-Security such a standardized service description language and a mature security framework are available for the SOAP domain. For REST-based web services such standards are, however, missing. To overcome these shortcomings, many distinct sources propose service description languages and security schemes for REST-based web services. This paper provides a systematic analysis of these languages with a specific focus on their ability to express security policies. The obtained results reveal substantial limitations in all analyzed specification languages.




Citation Styles

Harvard Citation style: Nguyen, H., Tolsdorf, J. and Lo Iacono, L. (2017) On the Security Expressiveness of REST-Based API Definition Languages, in Lopez, J., Fischer-Hübner, S. and Lambrinoudakis, C. (eds.) Trust, Privacy and Security in Digital Business. Cham: Springer. pp. 215-231. https://doi.org/10.1007/978-3-319-64483-7_14

APA Citation style: Nguyen, H., Tolsdorf, J., & Lo Iacono, L. (2017). On the Security Expressiveness of REST-Based API Definition Languages. In Lopez, J., Fischer-Hübner, S., & Lambrinoudakis, C. (Eds.), Trust, Privacy and Security in Digital Business. (pp. 215-231). Springer. https://doi.org/10.1007/978-3-319-64483-7_14


Last updated on 2025-05-08 at 15:50