An extended UsernameToken-based approach for REST-style Web Service Security Authentication

Author

Peng, Dunlu ; Li, Chen ; Huo, Huan

Author_Institution

Sch. of Opt.-Electr. & Comput. Eng., Univ. of Shanghai for Sci. & Technol., Shanghai, China

fYear

2009

fDate

8-11 Aug. 2009

Firstpage

582

Lastpage

586

Abstract

Web service security is essential for SOA-based applications. Based on the analysis of the two existing authentications of REST-style Web services, Basic HTTP Authentication and HTTP Digest Authentication, we propose an extended UsernameToken-based approach for REST-style Web service. In this approach, the WS-Security UsernameToken and secondary password are added into the HTTP header. By this way, the approach allows service providers to define their own authentication which makes up for the disadvantages of the current security aspect of REST-style Web services, especially when Basic HTTP Authentication and HTTP Digest Authentication are not applicable. Analysis shows that the approach implements the REST-style Web service security effectively.

Keywords

Web services; security of data; software architecture; REST; Web service; extended usernametoken; security authentication; service oriented architecture; Authentication; Computer security; Costs; Information security; Optical computing; Service oriented architecture; Software systems; Web server; Web services; XML; REST; UsernameToken; WS-Security; Web Service;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Science and Information Technology, 2009. ICCSIT 2009. 2nd IEEE International Conference on

Conference_Location

Beijing

Print_ISBN

978-1-4244-4519-6

Electronic_ISBN

978-1-4244-4520-2

Type

conf

DOI

10.1109/ICCSIT.2009.5234805

Filename

5234805