Authors: Marc Hüffmeyer (1); Florian Haupt (2); Frank Leymann (2) and Ulf Schreier (1)

Affiliations: (1) Hochschule Furtwangen, Germany; (2) University of Stuttgart, Germany

ISBN: 978-989-758-295-0

Keyword(s): REST, Web Services, Authorization, Attribute Based Access Control.

Abstract: The architectural style named Representational State Transfer (REST) is nowadays widely established and still enjoys a growing popularity. One of the core principles of REST is referred to as "Hypermedia as the Engine of Application State" (HATEOAS). HATEOAS is one of the foundations of the scalability that RESTful systems provide and enables the decoupling of client and server. But the realization of HATEOAS is challenging, because there is no systematic approach how to enforce the constraint. Therefore, the implementation is mostly up to the developer of a RESTful service. This work describes a new method of how to apply the HATEOAS constraint. We describe a method that systematically enables HATEOAS based on REST API models and the integration of access control mechanisms. In order to avoid unauthorized access attempts and unnecessary network traffic, the resource representations are customized to the requesting subject. References that lead to not accessible resources are not included in the customized resource representations. Therefore, an attribute based access control mechanism is extended to distinguish between static and dynamic attributes. A 2-phase authorization procedure is introduced that relies on this discrimination and determines the references which must be included in the resource representation. The result is a flexible realization of HATEOAS based on formal models.

Paper citation:
Hüffmeyer, M.; Haupt, F.; Leymann, F. and Schreier, U. (2018). Authorization-aware HATEOAS. In Proceedings of the 8th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-295-0, pages 78-89. DOI: 10.5220/0006683700780089

