Hecate, Managing Authorization with RESTful XML
2011, Graf, Sebastian, Zholudev, Vyacheslav, Lewandowski, Lukas, Waldvogel, Marcel
The potential of REST offers new ways of communication between loosely coupled entities featured through the Web of Things. Binding the disjoint components of this architecture creates security issues, such as centralized authorization techniques that must respect the independence of the underlying entities. This raises the question of how authorization can be performed while respecting the flexibility of REST without any knowledge about the underlying resources. Nevertheless, possible knowledge about these resources should enable the authorization workflow to offer finer-grained permissions on substructures of the resources. With our new approach, which we named Hecate, we offer a framework that assures simplified handling while keeping the potential and flexibility of REST. We have designed an architecture based on XML with a flexible authorization mechanism on the one hand and optional resource-awareness on the other. The flexibility within the authorization workflow is based on permission sets respecting the HTTP verbs. Additional in-depth knowledge of the entity optionally extends these permissions with resource-aware filters. Hecate offers great benefits not only because of its flexibility, but also because of the optional extensibility proved within the two reference implementations. With Hecate, we show that a centralized authorization mechanism combining independence and optional resource-based filtering extends the flexibility of REST rather than restricting it.
JAX-RX - Unified REST Access to XML Resources
2010, Graf, Sebastian, Lewandowski, Lukas, Grün, Christian
REST nowadays represents, besides SOAP, one common way to access distributed resources in a web-affine manner. While SOAP can be easily utilized by high-level programming languages like Java (e.g. JAX-WS as one common standardized way), REST is catching up regarding direct usage (e.g. JAX-RS for Java).
With the clean and direct usage of JAX-RS, common layers for standardised access to heterogeneous XML resources can be defined. This is what the project JAX-RX stands for: based on XML as a modern resource in the WWW, we defined a common application programming interface to access Java-enabled XML resources easily in a common way. Using a common architecture for the uniform resource locator on the one hand and defining suitable interfaces on the other, every XML-generating resource can be "RESTified" with nearly no effort. This technical report describes the motivation, the architecture and the usage of our XML-enabling API called JAX-RX.
Integrity Assurance for RESTful XML
2010, Graf, Sebastian, Lewandowski, Lukas, Waldvogel, Marcel
The REpresentational State Transfer (REST) represents an extensible, easy and elegant architecture for accessing web-based resources. REST alone and in combination with XML is fast gaining momentum in a diverse set of web applications. REST is stateless, as is HTTP on which it is built. For many applications, this is not enough, especially in the context of concurrent access and the increasing need for auditing and accountability. We present a lightweight mechanism which allows the application to control the integrity of the underlying resources in a simple, yet flexible manner. Based on an opportunistic locking approach, we show in this paper that XML does not only act as an extensible and directly accessible backend that ensures easy modifications due to the allocation of nodes, but also gives scalable possibilities to perform on-the-fly integrity verification based on the tree structure.