On the Need for a General REST-Security Framework

Contemporary software is inherently distributed. The principles guiding the design of such software have been mainly manifested by the service-oriented architecture (SOA) concept. In a SOA, applications are orchestrated by software services generally operated by distinct entities. Due to the latter fact, service security has been of importance in such systems ever since. A dominant protocol for implementing SOA-based systems is SOAP, which comes with a well-elaborated security framework. As an alternative to SOAP, the architectural style representational state transfer (REST) is gaining traction as a simple, lightweight and flexible guideline for designing distributed service systems that scale at large. This paper starts by introducing the basic constraints representing REST. Based on these foundations, the focus is afterwards drawn on the security needs of REST-based service systems. The limitations of transport-oriented protection means are emphasized and the demand for specific message-oriented safeguards is assessed. The paper then reviews the current activities with respect to REST-security and finds that the available schemes are mostly HTTP-centered and very heterogeneous. More importantly, all of the analyzed schemes contain vulnerabilities. The paper contributes a methodology on how to establish REST-security as a general security framework for protecting REST-based service systems of any kind by consistent and comprehensive protection means. First adoptions of the introduced approach are presented in relation to REST message authentication with instantiations for REST-ful HTTP (web/cloud services) and REST-ful Constrained Application Protocol (CoAP) (internet of things (IoT) services).

Bibliographic Details
Main Authors: Luigi Lo Iacono, Hoai Viet Nguyen, Peter Leo Gorski
Format: Article
Language: English
Published: MDPI AG 2019-02-01
Series: Future Internet (ISSN 1999-5903)
Subjects: SOA; services; security; REST; web services security; HTTP; IoT services security; CoAP; RACS
DOI: 10.3390/fi11030056
Online Access: https://www.mdpi.com/1999-5903/11/3/56