Using Semantics for Automating the Authentication of Web APIs

  • Maria Maleshkova
  • Carlos Pedrinaci
  • John Domingue
  • Guillermo Alvaro
  • Ivan Martinez
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6496)


Recent technology developments in the area of services on the Web are marked by the proliferation of Web applications and APIs. The implementation and evolution of applications based on Web APIs is, however, hampered by the lack of automation that can be achieved with current technologies. Research on semantic Web services is therefore trying to adapt the principles and technologies that were devised for traditional Web services, to deal with this new kind of services. In this paper we show that currently more than 80% of the Web APIs require some form of authentication. Therefore authentication plays a major role for Web API invocation and should not be neglected in the context of mashups and composite data applications. We present a thorough analysis carried out over a body of publicly available APIs that determines the most commonly used authentication approaches. In the light of these results, we propose an ontology for the semantic annotation of Web API authentication information and demonstrate how it can be used to create semantic Web API descriptions. We evaluate the applicability of our approach by providing a prototypical implementation, which uses authentication annotations as the basis for automated service invocation.


Authentication Protocol Semantic Annotation Semantic Description Authentication Information Authentication Credential 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Richardson, L., Ruby, S.: RESTful Web Services. O’Reilly Media, Sebastopol (May 2007)Google Scholar
  2. 2.
    Hadley, M. J.: Web Application Description Language (WADL). Technical report, Sun Microsystems (November 2006),
  3. 3.
    Web Services Description Language (WSDL) Version 2.0. W3C Recommendation (June 2007),
  4. 4.
    Kopecký, J., Vitvar, T., Fensel, D., Gomadam, K.: hRESTS & MicroWSMO. Technical report (2009),
  5. 5.
    Sheth, A.P., Gomadam, K., Lathem, J.: SA-REST: Semantically Interoperable and Easier-to-Use Services and Mashups. IEEE Internet Computing 11(6), 91–94 (2007)CrossRefGoogle Scholar
  6. 6.
    Kopecký, J., Vitvar, T., Bournez, C., Farrel, J.: SAWSDL: Semantic Annotations for WSDL and XML Schema. IEEE Internet Computing 11(6), 60–67 (2007)CrossRefGoogle Scholar
  7. 7.
    Kopecký, J., Gomadam, K., Vitvar, T.: hRESTS: an HTML Microformat for Describing RESTful Web Services. In: Proceedings of International Conference on Web Intelligence, WI 2008 (2008)Google Scholar
  8. 8.
    RDFa in XHTML: Syntax and Processing. Proposed Recommendation, W3C (September 2008),
  9. 9.
    Nadalin, A., Kaler, C., Monzillo, R., Hallam-Baker, P.: Web Services Security: SOAP Message Security 1.1, WS-Security 2004 (2006)Google Scholar
  10. 10.
    Franks, J., Hallam-Baker, P., Hostetler, J.: HTTP Authentication: Basic and Digest Access Authentication RFC 2617. The Internet Society (1999)Google Scholar
  11. 11.
    Freed, N., Borenstein, N.: Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies,
  12. 12.
    The MD5 Message-Digest Algorithm, (visited June 2010)
  13. 13.
    Atwood, M., et al.: OAuth Core 1.0 Specification,
  14. 14.
    Maleshkova, M., Pedrinaci, C., Domingue, J.: Supporting the creation of semantic RESTful service descriptions. In: Service Matchmaking and Resource Retrieval in the Semantic Web (SMR2) at 8th International Semantic Web Conference (2009)Google Scholar
  15. 15.
    Álvaro, G., Martínez, I., Gómez, J.M., Lecue, F., Pedrinaci, C., Villa, M., Di Matteo, G.: Using SPICES for a Better Service Consumption. Poster at the 7th Extended Semantic Web Conference, ESWC (2010)Google Scholar
  16. 16.
    Close, T.: Web-key: Mashing with Permission. In: Proceedings of Web 2.0 Security and Privacy (2008)Google Scholar
  17. 17.
    Story, H., Harbulot, B., Jacobi, I., Jones, M.: FOAF+SSL: RESTful Authentication for the Social Web. In: SPOT 2009 European Semantic Web Conference (2009)Google Scholar
  18. 18.
    Kagal, L., Paolucci, M., Srinivasan, N., Denker, G., Finin, T., Sycara, K.: Authorization and Privacy for Semantic Web Services. IEEE Intelligent Systems 19(4) (July 2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Maria Maleshkova
    • 1
  • Carlos Pedrinaci
    • 1
  • John Domingue
    • 1
  • Guillermo Alvaro
    • 2
  • Ivan Martinez
    • 2
  1. 1.Knowledge Media Institute (KMi)The Open UniversityUnited Kingdom
  2. 2.Intelligent Software Components (iSOCO)MadridSpain

Personalised recommendations