Access Control for RESTful Web Services

Abstract

Web services is the prominent methodology of communicating data over network. A web service accepts an XML based or JSON based request and return a response according to the request. RESTful form of web services is a mechanism of exchanging data in compliance with HTTP protocol. These services may or may not supply confidential information. Information security has three main aspects – Confidentiality, Integrity and Availability. The data services which give out potentially secretive information need to be secure from any unauthorized access. These services can be restricted to a user, a group of users, based on time, etc. This study is about defining and implementing an extensible access control framework for RESTful web services. There are quite a number of security frameworks that provide access control systems in the market. But none of them can be connected to authorize a RESTful web service out of the box. This framework should be able to connect to any authentication, authorization and accounting service. This study will further benchmark the new access control framework's performance in order to position it with the other access control systems in the market.