Abstract
complexity.
In this work, we examine the practical application of authorization management mechanisms employed over RESTful Web APIs, which today serve as a major approach to expose service interfaces on the web. For this purpose, we have examined the integration of security mechanisms in n=523 publicWeb APIs. Our findings reveal alarming integration patterns that demonstrate a rudimentary data security and privacy protection in cross-service resource sharing.
Our analysis traces the cause back to the (1) shallow models and security capabilities offered by service providers, and (2) design deficiencies of dominantly applied OAuth 2.0 web authorization framework that restrict capabilities and lower the interoperability of underlying management functions. Following the initial discussion, we summarize potential solutions and establish an outline of the future work.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 33rd Annual ACM Symposium on Applied Computing |
| Publisher | Association of Computing Machinery |
| DOIs | |
| Publication status | E-pub ahead of print - 2018 |
Fingerprint
Keywords
- web services
- web api
- service security
- cloud services
- service integration
ASJC Scopus subject areas
- Information Systems
- Computer Networks and Communications
Cite this
On The Structure and Authorization Management of RESTful Web Services. / Suzic, Bojan; Prünster, Bernd; Ziegler, Dominik.
Proceedings of the 33rd Annual ACM Symposium on Applied Computing. Association of Computing Machinery, 2018.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Research › peer-review
}
TY - GEN
T1 - On The Structure and Authorization Management of RESTful Web Services
AU - Suzic, Bojan
AU - Prünster, Bernd
AU - Ziegler, Dominik
PY - 2018
Y1 - 2018
N2 - A broad range of emerging business models relies on the continual exchange of data that flow among different services to generate additional value and derive knowledge in many domains. The magnitude of resource sharing that form the basis of these interactions raises new challenges concerning the effectivity of existing security and privacy management instruments in environments of suchcomplexity.In this work, we examine the practical application of authorization management mechanisms employed over RESTful Web APIs, which today serve as a major approach to expose service interfaces on the web. For this purpose, we have examined the integration of security mechanisms in n=523 publicWeb APIs. Our findings reveal alarming integration patterns that demonstrate a rudimentary data security and privacy protection in cross-service resource sharing.Our analysis traces the cause back to the (1) shallow models and security capabilities offered by service providers, and (2) design deficiencies of dominantly applied OAuth 2.0 web authorization framework that restrict capabilities and lower the interoperability of underlying management functions. Following the initial discussion, we summarize potential solutions and establish an outline of the future work.
AB - A broad range of emerging business models relies on the continual exchange of data that flow among different services to generate additional value and derive knowledge in many domains. The magnitude of resource sharing that form the basis of these interactions raises new challenges concerning the effectivity of existing security and privacy management instruments in environments of suchcomplexity.In this work, we examine the practical application of authorization management mechanisms employed over RESTful Web APIs, which today serve as a major approach to expose service interfaces on the web. For this purpose, we have examined the integration of security mechanisms in n=523 publicWeb APIs. Our findings reveal alarming integration patterns that demonstrate a rudimentary data security and privacy protection in cross-service resource sharing.Our analysis traces the cause back to the (1) shallow models and security capabilities offered by service providers, and (2) design deficiencies of dominantly applied OAuth 2.0 web authorization framework that restrict capabilities and lower the interoperability of underlying management functions. Following the initial discussion, we summarize potential solutions and establish an outline of the future work.
KW - autorisierung
KW - sicherheit
KW - web services
KW - web services
KW - web api
KW - service security
KW - cloud services
KW - service integration
U2 - 10.1145/3167132.3167315
DO - 10.1145/3167132.3167315
M3 - Conference contribution
BT - Proceedings of the 33rd Annual ACM Symposium on Applied Computing
PB - Association of Computing Machinery
ER -