On the Need for a General REST-Security Framework
Journal title: | Future Internet |
---|---|
Persons and corporate bodies: | Lo Iacono, Luigi; Nguyen, Hoai; Gorski, Peter |
In: | Future Internet, 11, 2019, 3, p. 56 |
Format: | E-Article |
Language: | English |
Published: | MDPI AG |
Subjects: | Computer Networks and Communications |
author_facet |
Lo Iacono, Luigi Nguyen, Hoai Gorski, Peter Lo Iacono, Luigi Nguyen, Hoai Gorski, Peter |
---|---|
author |
Lo Iacono, Luigi Nguyen, Hoai Gorski, Peter |
spellingShingle |
Lo Iacono, Luigi Nguyen, Hoai Gorski, Peter Future Internet On the Need for a General REST-Security Framework Computer Networks and Communications |
author_sort |
lo iacono, luigi |
doi_str_mv |
10.3390/fi11030056 |
facet_avail |
Online Free |
finc_class_facet |
Informatik |
format |
ElectronicArticle |
fullrecord |
blob:ai-49-aHR0cDovL2R4LmRvaS5vcmcvMTAuMzM5MC9maTExMDMwMDU2 |
id |
ai-49-aHR0cDovL2R4LmRvaS5vcmcvMTAuMzM5MC9maTExMDMwMDU2 |
institution |
DE-L229 DE-D275 DE-Bn3 DE-Brt1 DE-D161 DE-Zwi2 DE-Gla1 DE-Zi4 DE-15 DE-Pl11 DE-Rs1 FID-BBI-DE-23 DE-105 DE-14 DE-Ch1 |
imprint |
MDPI AG, 2019 |
issn |
1999-5903 |
language |
English |
mega_collection |
MDPI AG (CrossRef) |
match_str |
loiacono2019ontheneedforageneralrestsecurityframework |
publishDateSort |
2019 |
publisher |
MDPI AG |
recordtype |
ai |
record_format |
ai |
series |
Future Internet |
source_id |
49 |
title |
On the Need for a General REST-Security Framework |
topic |
Computer Networks and Communications |
url |
http://dx.doi.org/10.3390/fi11030056 |
publishDate |
2019 |
physical |
56 |
description |
Contemporary software is inherently distributed. The principles guiding the design of such software have been mainly manifested by the service-oriented architecture (SOA) concept. In a SOA, applications are orchestrated by software services generally operated by distinct entities. Due to the latter fact, service security has been of importance in such systems ever since. A dominant protocol for implementing SOA-based systems is SOAP, which comes with a well-elaborated security framework. As an alternative to SOAP, the architectural style representational state transfer (REST) is gaining traction as a simple, lightweight and flexible guideline for designing distributed service systems that scale at large. This paper starts by introducing the basic constraints representing REST. Based on these foundations, the focus is afterwards drawn on the security needs of REST-based service systems. The limitations of transport-oriented protection means are emphasized and the demand for specific message-oriented safeguards is assessed. The paper then reviews the current activities in respect to REST-security and finds that the available schemes are mostly HTTP-centered and very heterogeneous. More importantly, all of the analyzed schemes contain vulnerabilities. The paper contributes a methodology on how to establish REST-security as a general security framework for protecting REST-based service systems of any kind by consistent and comprehensive protection means. First adoptions of the introduced approach are presented in relation to REST message authentication with instantiations for REST-ful HTTP (web/cloud services) and REST-ful constraint application protocol (CoAP) (internet of things (IoT) services). |
container_issue |
3 |
container_start_page |
0 |
container_title |
Future Internet |
container_volume |
11 |
format_de105 |
Article, E-Article |
format_de14 |
Article, E-Article |
format_de15 |
Article, E-Article |
format_de520 |
Article, E-Article |
format_de540 |
Article, E-Article |
format_dech1 |
Article, E-Article |
format_ded117 |
Article, E-Article |
format_degla1 |
E-Article |
format_del152 |
Buch |
format_del189 |
Article, E-Article |
format_dezi4 |
Article |
format_dezwi2 |
Article, E-Article |
format_finc |
Article, E-Article |
format_nrw |
Article, E-Article |
_version_ |
1792346738152964106 |
geogr_code |
not assigned |
last_indexed |
2024-03-01T17:43:57.864Z |
geogr_code_person |
not assigned |
openURL |
url_ver=Z39.88-2004&ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fvufind.svn.sourceforge.net%3Agenerator&rft.title=On+the+Need+for+a+General+REST-Security+Framework&rft.date=2019-02-27&genre=article&issn=1999-5903&volume=11&issue=3&pages=56&jtitle=Future+Internet&atitle=On+the+Need+for+a+General+REST-Security+Framework&aulast=Gorski&aufirst=Peter&rft_id=info%3Adoi%2F10.3390%2Ffi11030056&rft.language%5B0%5D=eng |