World Wide Web, Volume 18, Issue 4, pp 767–794

QoS aware descriptions for RESTful service composition: security domain

Article

Abstract

Current research on QoS aware service composition focuses on a WSDL/RPC service paradigm, characterized by a centralized, synchronous, and stateful approach. In this paper, we explore QoS aware RESTful service composition, which is characterized by a decentralized, stateless and hypermedia-driven environment. We focus particularly on the security domain, since current security practices on the Web illustrate the differences between the centralized, function-based approach and the decentralized, hypermedia- and resource-based approach. We rely on ReLL (a REST service description) that can be processed by machine-clients in order to interact with RESTful services. Our approach identifies key security domain elements as an ontology. These elements serve to model hypermedia-based, decentralized security descriptions supporting simple and complex interactions such as protocols and callbacks. In this paper, we propose an extension to ReLL that considers security constraints (ReLL-S) and allows a machine-client to interact with secured resources, where security conditions may change dynamically. A case study illustrates our approach.

Keywords

Service composition; Security; REST; Choreographies



Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Cristian Sepulveda (1)
  • Rosa Alarcon (1)
  • Jesus Bellido (2)
  1. Computer Science Department, Pontificia Universidad Católica de Chile, Santiago, Chile
  2. Pontificia Universidad Católica de Chile, Santiago, Chile
