IOSR Journal of Computer Engineering (IOSR-JCE)
e-ISSN: 2278-0661, p-ISSN: 2278-8727, Volume 15, Issue 4 (Nov. - Dec. 2013), PP 53-56
www.iosrjournals.org
www.iosrjournals.org 53 | Page
Survey on Restful Web Services Using Open Authorization (Oauth)
K. V. Kanmani, P. S. Smitha
PG Student, Velammal Engineering College, Chennai-66.
Assistant Professor, Velammal Engineering College, Chennai-66.
Abstract: Web services are application programming interfaces (APIs), or web APIs, that are accessed through the Hypertext Transfer Protocol (HTTP) to execute on a remote system hosting the requested services. A RESTful web service is an emerging technology and a lightweight approach that does not restrict client-server communication. The Open Authorization (OAuth) 2.0 protocol enables users to grant third-party applications access to their web resources without sharing their login credentials. The Authorization Server includes authorization information in the Access Token and signs the Access Token. An access token can be reused until it expires. An authentication filter is used for the business services. This paper presents secure communication at the message level with minimum overhead and provides fine-grained authenticity using the Jersey framework.
Keywords: Open Authorization (OAuth), RESTful web services, HTTP protocol, Uniform Resource Identifier (URI).
I. Introduction
A web service is a method of communication between two electronic devices over the World Wide Web. A web service is a virtual component that can be accessed through multiple formats and protocols [10]. Web service techniques build loosely coupled, distributed and heterogeneous software systems. Basically, there are two types of web service enabling technologies: SOAP (Simple Object Access Protocol) based and REST (Representational State Transfer) styled [1]. The original HTTP (Hypertext Transfer Protocol) and HTML (Hypertext Markup Language) protocols have proven to be cost-effective for building user interfaces [11]. A key factor of HTTP and HTML is their simplicity: both are primarily text-based and can be implemented on a variety of operating systems and programming environments.
The term Representational State Transfer (REST) was introduced by Roy Fielding to identify an architectural style based on the principles of addressability, uniform interface and statelessness [1]. REST-based services are a lightweight approach. REST does not restrict client-server communication to a particular protocol, but it is most commonly used with HTTP because HTTP is the primary transfer protocol of the Web. The building blocks of the Web are called resources [3]. Resources are manipulated through messages that have standard meanings on the Web, called HTTP methods. Resources are named with uniform resource identifiers (URIs) [2].
The advantage of HTML-based user interfaces (UIs) [7] is that they work well across devices with a capable web browser. OAuth is used for implementing mash-up applications that involve services from different service providers. Most of the new public web services from large vendors (Google, Yahoo, Amazon and Microsoft) rely on REST as the technology for sharing and merging information from multiple sources.
OAuth 1.0 found its way into many projects despite the lack of performance optimization offered by the protocol. Companies like Microsoft, Google and other large organizations proposed OAuth WRAP (Web Resource Authorization Profiles), which addresses the performance problems and made it easy for enterprises to adopt [8]. The WRAP recommendations were incorporated into OAuth 2.0.
The OAuth Web Resource Authorization Profiles (OAuth WRAP) allow a Protected Resource to delegate authorization and access decisions to a more trusted authority. A Client accesses a Resource after obtaining an authorization from the trusted authority (the Authorization Server). Once the authorization is granted, the Client is issued an Access Token, and a Refresh Token can be used to obtain new Access Tokens.
The Authorization Server includes information about the authorization in the Access Token and signs the Access Token. The Protected Resource checks that the Access Token it received from a Client was issued by the Authorization Server and that it is still valid. The Protected Resource then checks the contents of the Access Token to determine whether the authorization granted to the Client covers the requested access.
The rest of the paper is organized as follows: Section II explains the Open Authorization protocol. Section III explains REST principles. Section IV explains the architectural models. Section V explains the techniques used for RESTful web services.
II. Open Authorization (OAuth) Protocol
Securing RESTful web services involves securing the data as well as the entire communication, to protect the confidentiality and integrity of the data. The communication verifies authentication and access control to ensure that privacy is maintained. The security behind the web service is the OAuth 2.0 protocol [6], which has been adopted by major service providers. The OAuth 2.0 protocol enables users to grant third-party applications access to web resources without sharing their login credentials.
FIG 1. OAuth protocol architecture flow diagram (participants: Client, Browser, Resource owner, Server; steps shown: Request, Redirection, Redirects the URI, Response Redirected, User Authorizes, Authorization code, Request for Access token, Access Token with Refresh Token, Protected Resource with Access Token)
In Fig. 1 the client redirects the request through the browser. The resource owner identifies a uniform resource identifier (URI) and is redirected to the authorization server (AS). The authorization server authenticates the resource owner and checks whether the owner denies or accepts the client's request. An authorization code (AC) is generated by the AS and redirected to the client. The client sends the AC and the URI back to the AS, which verifies the code. An Access Token is then created and sent to the client.
The purpose of the token is to make it unnecessary for the resource owner to share its credentials with the
client. The server receives the request for the protected resource, together with the access token, from the client. Rather than relying on a
single password as the master key for every app that accesses an API, OAuth uses this token. The OAuth
protocol enables a website or application (known as a service consumer) to access the protected resources of
a web service (known as a service provider) through an API. With OAuth, the browser redirects each resource
request individually to verify authentication. Therefore, using verifiable and cacheable assertions reduces network
transparency for clients [12]. Another emerging protocol is XAuth, an open platform for extending authenticated
user services across the Web, which has a lot of security problems.
III. REST Principles
This paper proposes secure communication at the message level with minimum overhead, and it also
provides fine-grained authenticity and confidentiality [5]. The REST protocol helps to maintain the scalability of a server
for a very large number of clients. The advantage of including cache constraints is to improve the efficiency,
scalability and performance, and to reduce the latency of interactions. The methods used are the GET, POST, PUT and
DELETE operations [3], which map the HTTP method used onto the create, retrieve, update and delete
operations on resources. The RESTful approach significantly reduces the transparencies that are
caused by the processing required for SOAP-based messages, thanks to its open and uniform identifying scheme.
GET - Used to retrieve data
POST - Used to append data to the server
PUT - Used for inserts and updates
DELETE - Used to delete data
In this paper we provide a security protocol that makes the message security implementation lightweight [7] and
efficient, respects the REST principles and the way resources are manipulated through a message signature, and
addresses communication security for RESTful services at a fine-grained level. REST interaction is a two-way
process in which the large-grain data of hypermedia interaction can be processed in a data-flow network, with filter
components applied to the data stream in order to transform the content [9]. In REST, components are
actively used to transform the content of messages because messages are self-descriptive and are visible to
intermediaries [14].
IV. Architectural Model:
Fig. 2 explains how an Authorization Server gets the request from the User. The Client starts the
authorization flow and obtains an agreement from the Authorization Server on behalf of the User. At this
point, if it is successful, the Authorization Server issues an authorization code (a one-time token). The Client
exchanges the authorization code for an access token. The client then issues a POST request, which is designed to
ask the server to accept the data enclosed in the request message's body for storage. A response is
returned to the client from the resource server, and the client sends the result to the user. One of the security threats in
OAuth2 is a malicious Client stealing tokens by asking for an arbitrary redirect, so Authorization Servers
protect the token against this by requiring Clients to register one or more redirect URIs.
Fig 2: Architectural flow diagram
The Authorization Server exposes an interface through which users confirm that they authorize the
Client to act on their behalf. The UAA (User Agent Authentication) and OAuth2 are used to provide a
simple form-based interface in the general case, but allow auto-approval of certain clients.
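The one-time authorization code of Fig. 1 and the redirect URI registration this section describes, as an added example that is not the paper's code; the client ids, URIs and the 60-second code lifetime are assumed values.

```python
import secrets
import time

CODE_TTL = 60  # seconds an authorization code stays exchangeable (assumed)


class AuthorizationServer:
    """Constructed model of the AS in Figs. 1 and 2 (not the paper's code)."""

    def __init__(self):
        self.registered = {}  # client_id -> set of registered redirect URIs
        self.codes = {}       # code -> (client_id, redirect_uri, issued_at)

    def register_client(self, client_id, redirect_uris):
        self.registered[client_id] = set(redirect_uris)

    def authorize(self, client_id, redirect_uri, owner_approves):
        """'User Authorizes' step: return the redirect target carrying the
        code, or None when the redirect URI was never registered."""
        if redirect_uri not in self.registered.get(client_id, ()):
            return None  # refuse: a code sent there could reach a stranger
        if not owner_approves:
            return redirect_uri + "?error=access_denied"
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, redirect_uri, time.time())
        return redirect_uri + "?code=" + code

    def exchange_code(self, client_id, redirect_uri, code):
        """'Request for Access token' step: one-time code -> tokens."""
        entry = self.codes.pop(code, None)  # pop: a code can be used only once
        if entry is None:
            return None
        bound_client, bound_uri, issued_at = entry
        if (bound_client, bound_uri) != (client_id, redirect_uri):
            return None  # presented by another client or for another URI
        if time.time() - issued_at > CODE_TTL:
            return None  # stale code
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        return {"access_token": access, "refresh_token": refresh}


def run_flow(server, client_id, redirect_uri, owner_approves=True):
    """Drive one complete flow; returns the token response or None."""
    location = server.authorize(client_id, redirect_uri, owner_approves)
    if location is None or "?code=" not in location:
        return None
    code = location.split("?code=", 1)[1]
    return server.exchange_code(client_id, redirect_uri, code)
```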
V. Techniques Used For Restful Web Services:
The techniques used in RESTful web services are:
1) Restlet: Restlet is a lightweight, open source framework for the Java platform. Restlet is appropriate for both
server and client Web applications. It supports major Internet transport, data format and service description
standards such as HTTP, HTTPS and SMTP (Simple Mail Transfer Protocol).
2) RESTEasy: RESTEasy provides frameworks to build RESTful Web Services and RESTful Java applications. It
is fully certified for the JAX-RS specification. JAX-RS is a new JCP (Java Community Process) specification.
3) Jersey: Jersey is an open source project that provides the production-quality reference implementation of JSR-311:
JAX-RS, the Java API for RESTful Web Services. HTTP uses Multipurpose Internet Mail Extensions (MIME)
media types to identify the data formats [2]. Some of the common MIME types used by RESTful
services are given in Table 1.
Table 1. Common MIME types used by RESTful services
MIME  | Content type
JSON  | application/json
XML   | application/xml
XHTML | application/xhtml+xml
VI. Conclusion:
Representational State Transfer has grown significantly through various techniques of a software
architectural style for handling web-based integration, which can be used to build web services with a data
interchange format as well as OAuth as the authorization protocol. This paper presents a literature survey of these
various techniques and of how each of them has its own benefits and limitations. This paper discusses
how the REST protocol is used together with open authorization. Compared to the SOAP-based integration
approach, REST has many advantages: the service is addressable and can be connected to, the interface is
consistent, and resources can be cached. Moreover, RESTful Web services are Web services that have a simple
document description, are easy to release, and provide a platform for future work on web services.
References:
[1] G. Serme, A. S. de Oliveira, J. Massiera, and Y. Roudier, "Enabling Message Security for RESTful Services," in Proc. IEEE 19th International Conference on Web Services (ICWS), 2012, pp. 114-121.
[2] S. Vinoski, "RESTful Web Services Development Checklist," IEEE Internet Computing, vol. 12, no. 6, 2008, pp. 96-95.
[3] P. Adamczyk, P. H. Smith, R. E. Johnson, and M. Hafiz, "REST and Web Services: In Theory and in Practice," Springer, New York, 2011, pp. 35-57.
[4] D. Booth et al., "Web Services Architecture," W3C Working Group Note, February 2004, http://www.w3.org/TR/ws-arch/.
[5] F. Belqasmi, R. Glitho, and C. Fu, "RESTful web services for service provisioning in next-generation networks," IEEE Communications Magazine, vol. 49, no. 12, December 2011.
[6] S.-T. Sun and K. Beznosov, "An empirical analysis of OAuth SSO systems," in Proc. 2012 ACM Conference on Computer and Communications Security, pp. 378-390.
[7] C. Prehofer, J. van Gurp, V. Stirbu, S. Sathish, P. P. Liimatainen, C. di Flora, and S. Tarkoma, "Practical web-based smart spaces," IEEE Pervasive Computing, vol. 9, no. 3, July-Sept. 2010.
[8] M. Noureddine and R. Bashroush, "A Performance Optimization Model towards OAuth 2.0 Adoption in the Enterprise," in Proc. IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS), 1-2 Sept. 2011, pp. 76-80.
[9] R. T. Fielding and R. N. Taylor, "Principled design of the modern Web architecture," in Proc. 2000 International Conference on Software Engineering, June 2000, pp. 407-416.
[10] F. Leymann, "Web Services: Distributed Applications without Limits," 2003, pp. 26-28, http://citeseerx.ist.psu.edu.
[11] C. Pautasso, O. Zimmermann, and F. Leymann, "RESTful web services vs. "big" web services: making the right architectural decision," in Proc. WWW '08, 17th International Conference on World Wide Web, ACM, New York, NY, USA, 2008, pp. 805-814.
[12] http://docs.oracle.com/cd/E14571_01/web.1111/e13734/rest.htm#autoId0
[13] http://javadevelopment.wikispaces.com/file/view/OReilly+RESTful+Web+Services+Cookbook.pdf