Rethinking Authorization Management of Web-APIs

Title: Rethinking Authorization Management of Web-APIs
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Suzic, B., Latinovic, M.
Conference Name: 2020 IEEE International Conference on Pervasive Computing and Communications (PerCom)
Date Published: March 2020
ISBN Number: 978-1-7281-4657-7
Keywords: API, APIs, application program interfaces, application programming interface, authorisation, authorization management, cloud applications, cloud computing, compositionality, data fragments, mobile applications, mobile computing, pubcrawl, resilience, Resiliency, resource sharing, security policies, service providers, third party web, Web APIs, web services

Service providers typically use Web APIs to share tenant data and resources with numerous third-party web, cloud, and mobile applications. Security mechanisms such as OAuth 2.0 and API keys are commonly applied to manage the authorization aspects of such integrations. However, these mechanisms impose functional and security drawbacks for both service providers and their users, owing to their static design, coarse-grained and context-insensitive capabilities, and weak interoperability. Implementing secure, feature-rich, and flexible data sharing services therefore remains a challenge that many providers face when opening their interfaces to the public.

To address these issues, we design a framework that allows pluggable and transparent externalization of authorization functionality for service providers, and gives their users flexibility in defining and managing the security aspects of resource sharing with third parties. Our solution applies a holistic perspective that treats service descriptions, data fragments, security policies, and system interactions and states as an integrated space that is dynamically exposed and collaboratively accessed by agents residing across organizational boundaries.

In this work we present the design aspects of our contribution and illustrate its practical implementation by analyzing a case scenario involving resource sharing in a popular service.
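The abstract contrasts static, all-or-nothing scope checks with an externalized decision point that reasons per data fragment and per request context. The Python sketch below is an added illustration of that contrast; it is not the authors' framework or code from the paper. The request fields, the rule shapes, the profile record and the `ResourceServer.plug` hook are assumptions made for the example, chosen so that the same API can swap its authorizer without changing its handlers.

```python
"""Added illustration (not the paper's implementation): a Web-API resource
server whose authorization decision is behind a pluggable interface.

Two backends satisfy the same `decide()` contract:
  - ScopeAuthorizer: a coarse OAuth 2.0 style check. A token either carries the
    scope for the whole resource or it does not; every fragment follows.
  - PolicyAuthorizer: an externalized, context-aware policy evaluated per data
    fragment (default deny when no rule matches).
"""
from dataclasses import dataclass
from typing import Callable, Dict, Mapping, Protocol, Tuple


@dataclass(frozen=True)
class Request:
    client: str                     # third-party application identifier (assumed field)
    scopes: frozenset               # scopes carried by the presented token
    resource: str                   # e.g. "profile"
    fragments: Tuple[str, ...]      # fragments of the resource the client asks for
    context: Mapping[str, object]   # request context, e.g. purpose, hour, mTLS flag


@dataclass(frozen=True)
class Decision:
    allowed: Tuple[str, ...]
    denied: Tuple[str, ...]
    reason: str


class Authorizer(Protocol):
    def decide(self, req: Request) -> Decision: ...


class ScopeAuthorizer:
    """Coarse check: one scope per resource, all fragments or none."""

    def decide(self, req: Request) -> Decision:
        needed = f"read:{req.resource}"
        if needed in req.scopes:
            return Decision(tuple(req.fragments), (), f"scope {needed} present")
        return Decision((), tuple(req.fragments), f"scope {needed} missing")


Predicate = Callable[[Request], bool]


class PolicyAuthorizer:
    """Externalized decision point: rules keyed by resource, then by fragment.
    A "*" entry acts as the resource-wide fallback; no rule means deny."""

    def __init__(self, rules: Dict[str, Dict[str, Predicate]]):
        self.rules = rules

    def decide(self, req: Request) -> Decision:
        resource_rules = self.rules.get(req.resource, {})
        allowed, denied = [], []
        for frag in req.fragments:
            rule = resource_rules.get(frag, resource_rules.get("*"))
            (allowed if rule is not None and rule(req) else denied).append(frag)
        return Decision(tuple(allowed), tuple(denied),
                        f"{len(allowed)}/{len(req.fragments)} fragments permitted by policy")


class ResourceServer:
    """The API handler never sees the policy; it only applies the decision."""

    def __init__(self, authorizer: Authorizer, store: Dict[str, Dict[str, str]]):
        self.authorizer = authorizer
        self.store = store

    def plug(self, authorizer: Authorizer) -> None:
        # Swap the decision point without touching the API surface (assumed hook).
        self.authorizer = authorizer

    def get(self, req: Request):
        decision = self.authorizer.decide(req)
        record = self.store[req.resource]
        # Only fragments the decision permits leave the server.
        return {k: record[k] for k in decision.allowed if k in record}, decision


def business_hours(req: Request) -> bool:
    return 9 <= int(req.context.get("hour", -1)) < 18


# Constructed policy for the example: scope is necessary but not sufficient.
PROFILE_RULES: Dict[str, Dict[str, Predicate]] = {
    "profile": {
        "name": lambda r: "read:profile" in r.scopes,
        "email": lambda r: "read:profile" in r.scopes and r.context.get("purpose") == "billing",
        "phone": lambda r: "read:profile" in r.scopes and r.context.get("mtls") is True and business_hours(r),
        "ssn": lambda r: False,   # never shared with third parties, whatever the token says
    }
}

# Constructed sample record (not real data).
STORE = {"profile": {"name": "A. Tenant", "email": "tenant@example.com",
                     "phone": "+1-555-0100", "ssn": "000-00-0000"}}


def compare(req: Request):
    """Serve the same request under the coarse and the externalized authorizer."""
    server = ResourceServer(ScopeAuthorizer(), STORE)
    coarse, _ = server.get(req)
    server.plug(PolicyAuthorizer(PROFILE_RULES))
    fine, decision = server.get(req)
    return coarse, fine, decision


if __name__ == "__main__":
    req = Request(client="acme-app", scopes=frozenset({"read:profile"}), resource="profile",
                  fragments=("name", "email", "phone", "ssn"),
                  context={"purpose": "billing", "hour": 14, "mtls": False})
    coarse, fine, decision = compare(req)
    print("scope-only  :", sorted(coarse))
    print("policy-based:", sorted(fine), "|", decision.reason)
```

With a single `read:profile` scope, the coarse authorizer releases every fragment, including the one the policy marks as never shareable; the externalized policy releases only the fragments whose context predicates hold, and the handler code is identical in both cases.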

Citation Key: suzic_rethinking_2020