BUILDING OF DISTRIBUTED RESTful SERVICES AND RESOURCES FOR AUTHORIZATION ISSUES.

Abstract

In systems, numerous services require access to shared resources. Ideally, under such circumstances, minimizing data duplication is highly desirable. SOA simplifies the development of such systems by establishing distinct services that can be utilized by multiple services (applications). REST is an architectural style rooted in SOA that serves as a basis for designing and building contemporary web services (applications). It provides a method for developing distributed services commonly referred to as REST or RESTful services. One of the key aspects of REST is that it is stateless, meaning that the service does not retain any information about previous requests. Typically, when developing a REST service for a specific dataset, we represent the whole data via the relevant service. In scenarios where enhanced flexibility is needed, such as those involving authorization and privacy concerns, should limit the dataset accessible by an application (service). To achieve this, based on the REST approach (style), it is implemented a dedicated service endpoint that can handle the required filtering. Following the authentication procedure, most web services-based applications use application-specific access control mechanisms to make authorization decisions. Services can interact with one another, sometimes relying on a trust-based relationship. However, if unauthorized access is gained to a particular service, it could potentially jeopardize the whole security system. In RESTful services, authorization plays a tremendous role in terms of security, so services are constantly charged with authorizing users. Security as an essential aspect of services affects that servers necessarily contain the authorization mechanism, and they must authorize each service for each of their requests. The management of authorization permissions is handled by a dedicated service within the distributed environment. Simultaneously, this approach facilitates the creation of more streamlined service implementations as the responsibility for authorization management is transferred to a central service, which directs all other services. A RESTful services’ authorization management framework is proposed and the possibility to manage service access authorization to specific services (resources) is described, implemented, analyzed, and compared. The study is concluded with the presentation of experimental results and evaluation derived from the implementation of the REST services based on the proposed framework.