Authentication and Authorization Management in SOA with the Focus on RESTful Services

Abstract

SOA is an architectural style that enables providing applications as services. Following the authentication procedure, most Web services-based applications use application-specific access control mechanisms to make authorization decisions. Services can interact with one another, sometimes relying on a trust-based relationship. However, if unauthorized access is gained to a particular service, it could potentially jeopardize the whole security system. REST, likewise, is an architectural style defined by a set of principles for creating network-based software structures. These concepts come together to form a coherent metaphor for the Web’s processes and interactions. In RESTful services, authentication and authorization play a tremendous role in terms of security, so services are constantly charged with authenticating users. Security as an essential aspect of services affects those servers necessarily containing the authentication mechanism, and they must authenticate each service for each of its requests. This study presents the mechanisms of authentication and authorization in RESTful services. A RESTful service’s authorization management framework is proposed and the possibility to manage service access authorization to specific services (resources) is described and implemented. The paper is concluded with the presentation of experimental results derived from the implementation of the REST services based on the proposed framework.