Authorization-aware HATEOAS

Marc Hüffmeyer, Florian Haupt, Frank Leymann, Ulf Schreier

Abstract

The architectural style named Representational State Transfer (REST) is nowadays widely established and still enjoys a growing popularity. One of the core principles of REST is referred to as "Hypermedia as the Engine of Application State" (HATEOAS). HATEOAS is one of the foundations of the scalability that RESTful systems provide and enables the decoupling of client and server. But the realization of HATEOAS is challenging, because there is no systematic approach to enforcing the constraint. Therefore, the implementation is mostly up to the developer of a RESTful service. This work describes a new method of applying the HATEOAS constraint. We describe a method that systematically enables HATEOAS based on REST API models and the integration of access control mechanisms. In order to avoid unauthorized access attempts and unnecessary network traffic, the resource representations are customized to the requesting subject. References to resources that are not accessible are not included in the customized resource representations. For this purpose, an attribute based access control mechanism is extended to distinguish between static and dynamic attributes. A 2-phase authorization procedure is introduced that relies on this distinction and determines the references which must be included in the resource representation. The result is a flexible realization of HATEOAS based on formal models.
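The following Python sketch is an added illustration of the idea the abstract describes; it is not code from the paper. It assumes that each ABAC rule guarding a link relation can be split into a static part (subject and resource attributes that do not change during a session, such as role or ownership) and a dynamic part (attributes that may change between requests, such as resource state or the current environment). Phase 1 evaluates only the static part when the representation is built, so links the subject could never follow are omitted; phase 2 re-evaluates the full rule when the link is dereferenced, which remains the actual enforcement point. The resource, policy and attribute names are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Attrs = Dict[str, object]
StaticCond = Callable[[Attrs, Attrs], bool]          # (subject, resource)
DynamicCond = Callable[[Attrs, Attrs, Attrs], bool]  # (subject, resource, environment)


def always(_s: Attrs, _r: Attrs, _e: Attrs) -> bool:
    """Dynamic part for rules that depend on static attributes only."""
    return True


@dataclass(frozen=True)
class Rule:
    rel: str                        # link relation the rule guards
    static: StaticCond              # attributes fixed for the session (role, ownership)
    dynamic: DynamicCond = always   # attributes that may change between requests


def _owner_or_staff(s: Attrs, r: Attrs) -> bool:
    return s["role"] in ("support", "auditor") or (
        s["role"] == "customer" and r["owner"] == s["id"]
    )


# Constructed policy for a hypothetical "order" resource (illustration only).
POLICY: List[Rule] = [
    Rule("self", static=_owner_or_staff),
    Rule("cancel",
         static=lambda s, r: s["role"] == "customer" and r["owner"] == s["id"],
         dynamic=lambda s, r, e: r["state"] in ("new", "paid")),
    Rule("refund",
         static=lambda s, r: s["role"] == "support",
         dynamic=lambda s, r, e: r["state"] == "shipped" and bool(e["business_hours"])),
    Rule("audit", static=lambda s, r: s["role"] == "auditor"),
]


def _href(resource: Attrs, rel: str) -> str:
    base = f"/orders/{resource['id']}"
    return base if rel == "self" else f"{base}/{rel}"


def build_representation(subject: Attrs, resource: Attrs) -> Dict[str, object]:
    """Phase 1: evaluate only the static part of every rule and emit the links the
    subject could possibly follow.  Dynamic conditions are deliberately not checked
    here, so a link may be present and still be refused in phase 2."""
    links = {rule.rel: _href(resource, rule.rel)
             for rule in POLICY if rule.static(subject, resource)}
    return {"id": resource["id"], "state": resource["state"], "links": links}


def authorize_access(subject: Attrs, resource: Attrs, env: Attrs, rel: str) -> bool:
    """Phase 2: full evaluation (static AND dynamic part) when the link is followed.
    Phase 1 only reduces failed attempts; this function is the enforcement point."""
    return any(rule.static(subject, resource) and rule.dynamic(subject, resource, env)
               for rule in POLICY if rule.rel == rel)


if __name__ == "__main__":
    # Constructed subjects, resource and environment.
    alice = {"id": "u1", "role": "customer"}
    support = {"id": "u3", "role": "support"}
    order = {"id": "o42", "owner": "u1", "state": "new"}
    env = {"business_hours": True}

    print(build_representation(alice, order)["links"])    # self and cancel only
    print(build_representation(support, order)["links"])  # self and refund only
    # The cancel link was offered, but the order state changed before it was followed:
    shipped = dict(order, state="shipped")
    print(authorize_access(alice, shipped, env, "cancel"))  # False
```

The separation makes the security property explicit: phase 1 can only ever remove links that the static attributes already rule out, so it never grants anything, and the dynamic part of each rule is still enforced on every request in phase 2. That is what keeps the customized representation an optimization rather than a substitute for access control.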

Paper Citation


in Harvard Style

Hüffmeyer M., Haupt F., Leymann F. and Schreier U. (2018). Authorization-aware HATEOAS. In Proceedings of the 8th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-295-0, pages 78-89. DOI: 10.5220/0006683700780089


in Bibtex Style

@conference{closer18,
author={Marc Hüffmeyer and Florian Haupt and Frank Leymann and Ulf Schreier},
title={Authorization-aware HATEOAS},
booktitle={Proceedings of the 8th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER},
year={2018},
pages={78-89},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006683700780089},
isbn={978-989-758-295-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 8th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER
TI - Authorization-aware HATEOAS
SN - 978-989-758-295-0
AU - Hüffmeyer M.
AU - Haupt F.
AU - Leymann F.
AU - Schreier U.
PY - 2018
SP - 78
EP - 89
DO - 10.5220/0006683700780089