Abstract
Current research on QoS-aware service composition focuses on a WSDL/RPC service paradigm, characterized by a centralized, synchronous, and stateful approach. In this paper, we explore QoS-aware RESTful service composition, which is characterized by a decentralized, stateless and hypermedia-driven environment. We focus particularly on the security domain, since current security practices on the Web illustrate the differences between the centralized, function-based approach and the decentralized, hypermedia- and resource-based approach. We rely on ReLL, a REST service description that machine-clients can process in order to interact with RESTful services. Our approach identifies key security domain elements as an ontology. These elements serve to model hypermedia-based, decentralized security descriptions supporting simple and complex interactions such as protocols and callbacks. We propose an extension to ReLL that considers security constraints (ReLL-S) and allows a machine-client to interact with secured resources, where security conditions may change dynamically. A case study illustrates our approach.
Cite this article
Sepulveda, C., Alarcon, R. & Bellido, J. QoS aware descriptions for RESTful service composition: security domain. World Wide Web 18, 767–794 (2015). https://doi.org/10.1007/s11280-014-0278-0
DOI: https://doi.org/10.1007/s11280-014-0278-0