REST API safety assurance by means of HMAC mechanism

Nowakowski, G.

Artykuł - szczegóły

Tytuł artykułu

REST API safety assurance by means of HMAC mechanism

Autorzy

Nowakowski G.

Treść / Zawartość

Pełne teksty:

Pobierz

Identyfikatory

Warianty tytułu

Języki publikacji

Abstrakty

The HMAC mechanism that enables authentication REST services and assures their integrity, non-repudiation and confidentiality, has been presented in this article. A demonstration Restful API has been implemented using Slim Framework, in which several endpoints for login, test route available only for registered users and authenticated by means of HMAC mechanism, have been assigned. The solution proposed here suggests an alternative that is easy to implement compared to other well-known methods of authentication and authorization.

Słowa kluczowe

REST Representational State Transfer HMAC Keyed-Hash Message Authentication Code API Application Programming Interface cryptography

Wydawca

Wydawnictwo Szkoły Głównej Gospodarstwa Wiejskiego w Warszawie

Czasopismo

Information Systems in Management

Rocznik

2016

Tom

Vol. 5, No. 3

Strony

358--369

Opis fizyczny

Bibliogr. 15 poz., rys., tab.

Twórcy

autor

Nowakowski G.

Department of Automatic Control and Information Technology, Cracow University of Technology (PK)

Bibliografia

[1] Webber J., Parastatidis S., Robinson I. (2010) REST in Practice: Hypermedia and Systems Architecture, O'Reilly Media, 1 edition.
[2] Mehta B. (2014) RESTful Java Patterns and Best Practices, Packt Publishing.
[3] Richardson L., Amundsen M, Ruby S. (2013) RESTful Web APIs, O'Reilly Media.
[4] Fielding R.T. (2000) Architectural Styles and the Design of Network-based Software Architectures, Chapter 5, Dissertation, University Of California, Irvine.
[5] JSON, (online) homepage: http://json.org/ (date of access: 2016-02-05)
[6] XML, (online) homepage: http://www.w3.org/XML/ (date of access: 2016-02-05)
[7] Slim Framework, a micro framework for PHP (online) homepage: http://www.slimframework.com/ (date of access: 2016-02-05)
[8] Slim Framework, Middleware-Overview (online) homepage: http://docs.slimframework.com/#Middleware-Overview (date of access: 2016-02-05) 369
[9] hash_hmac(), (online) homepage: http://php.net/manual/en/function.hash-hmac.php (date of access: 2016-02-05)
[10] Krawczyk H., Bellare M., and Canetti R. (1997) HMAC: Keyed-Hashing for Message Authentication, Internet Engineering Task Force, Request for Comments (RFC) 2104.
[11] National Institute of Standards and Technology (2008) Secure Hash Standards (SHS), Federal Information Processing Standards Publication 180-3.
[12] NIST Special Publication (SP) 800-57 (2007) Recommendation for Key Management – Part 1: General (Revised).
[13] NIST Special Publication (SP) 800-107 (2009) Recommendation for Applications Using Approved Hash Algorithms.
[14] Hash-based Message Authentication Code (HMAC) definition, (online) homepage: http://searchsecurity.techtarget.com/definition/Hash-based-Message-AuthenticationCode-HMAC (date of access: 2016-02-05)
[15] Using HMAC to authenticate Web service requests, (online) homepage: http://rc3.org/2011/12/02/using-hmac-to-authenticate-web-service-requests/ (date of access: 2016-02-05)

Uwagi

Opracowanie ze środków MNiSW w ramach umowy 812/P-DUN/2016 na działalność upowszechniającą naukę.

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-1150c78d-f522-4e7a-bc85-b223bbcf7af1