On the structure and authorization management of RESTful web services
| Autor: | Bojan Suzic, Bernd Prünster, Dominik Ziegler |
|---|---|
| Rok vydání: | 2018 |
| Předmět: |
Service (systems architecture)
business.industry Computer science Interoperability Authorization Data security 020206 networking & telecommunications Cloud computing 02 engineering and technology Service provider Business model computer.software_genre Data science Web API Shared resource 020204 information systems 0202 electrical engineering electronic engineering information engineering Web service business computer |
| Zdroj: | SAC |
| DOI: | 10.1145/3167132.3167315 |
| Popis: | A broad range of emerging business models relies on the continual exchange of data that flow among different services to generate additional value and derive knowledge in many domains. The magnitude of resource sharing that form the basis of these interactions raises new challenges concerning the effectivity of existing security and privacy management instruments in environments of such complexity. In this work, we examine the practical application of authorization management mechanisms employed over RESTful Web APIs, which today serve as a major approach to expose service interfaces on the web. For this purpose, we have examined the integration of security mechanisms in n=523 publicWeb APIs. Our findings reveal alarming integration patterns that demonstrate a rudimentary data security and privacy protection in cross-service resource sharing. Our analysis traces the cause back to the (1) shallow models and security capabilities offered by service providers, and (2) design deficiencies of dominantly applied OAuth 2.0 web authorization framework that restrict capabilities and lower the interoperability of underlying management functions. Following the initial discussion, we summarize potential solutions and establish an outline of the future work. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|