
QoS aware descriptions for RESTful service composition: security domain

Published in: World Wide Web

Abstract

Current research on QoS aware service composition focuses on the WSDL/RPC service paradigm, which is characterized by a centralized, synchronous, and stateful approach. In this paper, we explore QoS aware RESTful service composition, which is characterized by a decentralized, stateless and hypermedia-driven environment. We focus particularly on the security domain, since current security practices on the Web illustrate the differences between the centralized, function-based approach and the decentralized, hypermedia- and resource-based approach. We rely on ReLL (a REST service description) that machine-clients can process in order to interact with RESTful services. Our approach identifies the key elements of the security domain as an ontology. These elements serve to model hypermedia-based, decentralized security descriptions that support both simple and complex interactions, such as protocols and callbacks. In this paper, we propose an extension to ReLL that considers security constraints (ReLL-S) and allows a machine-client to interact with secured resources, where security conditions may change dynamically. A case study illustrates our approach.



Correspondence to Cristian Sepulveda.


Cite this article

Sepulveda, C., Alarcon, R. & Bellido, J. QoS aware descriptions for RESTful service composition: security domain. World Wide Web 18, 767–794 (2015). https://doi.org/10.1007/s11280-014-0278-0
