{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:16:26Z","timestamp":1742912186097,"version":"3.40.3"},"publisher-location":"Cham","reference-count":60,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319644820"},{"type":"electronic","value":"9783319644837"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-64483-7_14","type":"book-chapter","created":{"date-parts":[[2017,7,26]],"date-time":"2017-07-26T13:19:07Z","timestamp":1501075147000},"page":"215-231","source":"Crossref","is-referenced-by-count":3,"title":["On the Security Expressiveness of REST-Based API Definition Languages"],"prefix":"10.1007","author":[{"given":"Hoai Viet","family":"Nguyen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jan","family":"Tolsdorf","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luigi","family":"Lo Iacono","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,7,27]]},"reference":[{"key":"14_CR1","volume-title":"SOA Principles of Service Design (The Prentice Hall Service-Oriented Computing Series from Thomas Erl)","author":"T Erl","year":"2007","unstructured":"Erl, T.: SOA Principles of Service Design (The Prentice Hall Service-Oriented Computing Series from Thomas Erl). 
Prentice Hall PTR, Upper Saddle River (2007)"},{"issue":"2","key":"14_CR2","doi-asserted-by":"crossref","first-page":"198","DOI":"10.1147\/sj.412.0198","volume":"41","author":"F Leymann","year":"2002","unstructured":"Leymann, F., Roller, D., Schmidt, M.T.: Web services and business process management. IBM Syst. J. 41(2), 198\u2013211 (2002)","journal-title":"IBM Syst. J."},{"key":"14_CR3","unstructured":"Gudgin, M., Hadley, M., Mendelsohn, N., Moreau, J.J., Nielsen, H.F., Karmarkar, A., Lafon, Y.: SOAP Version 1.2 Part 1: Messaging Framework (2nd edn.). W3C Recommendation, W3C (2007). http:\/\/www.w3.org\/TR\/soap.12-part1\/"},{"key":"14_CR4","unstructured":"Christensen, E., Curbera, F., Meredith, G., Weerawarana, S.: Web Services Description Language (WSDL) 1.1. W3C Note, W3C (2001). http:\/\/www.w3.org\/TR\/2001\/NOTE-wsdl-20010315"},{"key":"14_CR5","unstructured":"Nadalin, A., Goodner, M., Gudgin, M., Turner, D., Barbir, A., Granqvist, H.: WS-SecurityPolicy 1.3. Standard, OASIS (2012)"},{"key":"14_CR6","unstructured":"Fielding, R.T.: Architectural styles and the design of network-based software architectures. Ph.D. thesis, University of California, Irvine (2000)"},{"key":"14_CR7","doi-asserted-by":"crossref","unstructured":"Sun, S.T., Beznosov, K.: The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems. In: 19th ACM Conference on Computer and Communications Security (CCS) (2012)","DOI":"10.1145\/2382196.2382238"},{"key":"14_CR8","unstructured":"Hardt, D.: The OAuth 2.0 Authorization Framework. RFC, IETF (2012). https:\/\/tools.ietf.org\/html\/rfc6749"},{"key":"14_CR9","unstructured":"Hickson, I., Berjon, R., Faulkner, S., Leithead, T., Navara, E.D., O\u2019Connor, E., Pfeiffer, S.: HTML5 - a vocabulary and associated APIs for HTML and XHTML. Recommendation, W3C (2014). 
http:\/\/www.w3.org\/TR\/html5\/"},{"key":"14_CR10","unstructured":"Bray, T., Paoli, J., Sperberg-McQueen, C.M., Maler, E., Yergeau, F.: Extensible Markup Language (XML) 1.0 (5th edn.). Recommendation, W3C (2008). http:\/\/www.w3.org\/TR\/2008\/REC-xml-20081126"},{"key":"14_CR11","unstructured":"Bray, T.: The JavaScript Object Notation (JSON) Data Interchange Format. RFC 7159, IETF (2014). https:\/\/tools.ietf.org\/html\/rfc7159"},{"key":"14_CR12","unstructured":"Shelby, Z., Hartke, K., Bormann, C.: The Constrained Application Protocol (CoAP). RFC, IETF (2014). https:\/\/tools.ietf.org\/html\/rfc7252"},{"key":"14_CR13","doi-asserted-by":"crossref","unstructured":"Lo Iacono, L., Nguyen, H.V.: Towards conformance testing of REST-based web services. In: 11th International Conference on Web Information Systems and Technologies (WEBIST) (2015)","DOI":"10.5220\/0005412202170227"},{"key":"14_CR14","unstructured":"Franks, J., Hallam-Baker, P.M., Hostetler, J.L., Lawrence, S.D., Leach, P.J., Luotonen, A., Stewart, L.C.: HTTP Authentication: Basic and Digest Access Authentication. RFC, IETF (1999). https:\/\/tools.ietf.org\/html\/rfc2617"},{"key":"14_CR15","unstructured":"Hammer-Lahav, E.: The OAuth 1.0 Protocol. RFC, IETF (2010). https:\/\/tools.ietf.org\/html\/rfc5849"},{"key":"14_CR16","unstructured":"Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., Mortimore, C.: OpenID Connect Core 1.0. Specification, OpenID Foundation (2014). http:\/\/openid.net\/specs\/openid-connect-core-1_0.html"},{"key":"14_CR17","unstructured":"Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC, IETF (2008). 
http:\/\/tools.ietf.org\/html\/rfc5246"},{"key":"14_CR18","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1007\/978-3-319-19210-9_8","volume-title":"Future Network Systems and Security","author":"L Lo Iacono","year":"2015","unstructured":"Lo Iacono, L., Nguyen, H.V.: Authentication scheme for REST. In: Doss, R., Piramuthu, S., Zhou, W. (eds.) FNSS 2015. CCIS, vol. 523, pp. 113\u2013128. Springer, Cham (2015). doi: 10.1007\/978-3-319-19210-9_8"},{"key":"14_CR19","unstructured":"Amazon: Signing AWS Requests By Using Signature Version 4 (2017). https:\/\/docs.aws.amazon.com\/general\/latest\/gr\/sigv4_signing.html"},{"key":"14_CR20","unstructured":"Google: Migrating from Amazon S3 to Google Cloud Storage (2017). https:\/\/cloud.google.com\/storage\/docs\/migrating"},{"key":"14_CR21","unstructured":"Hewlett Packard: HP Helion Public Cloud Object Storage API Specification (2014). https:\/\/docs.hpcloud.com\/publiccloud\/api\/object-storage\/"},{"key":"14_CR22","unstructured":"Microsoft: Authentication for the Azure Storage Services (2017). http:\/\/msdn.microsoft.com\/en-us\/library\/dd179428.aspx"},{"key":"14_CR23","unstructured":"Chinnici, R., Moreau, J.J., Ryman, A., Weerawarana, S.: Web services description language (WSDL) version 2.0 part 1: core language. W3C Recommendation, W3C (2007). http:\/\/www.w3.org\/TR\/2007\/REC-wsdl20-20070626"},{"key":"14_CR24","unstructured":"Lewis, A., Haas, H., Orchard, D., Weerawarana, S., Chinnici, R., Moreau, J.J.: Web Services Description Language (WSDL) Version 2.0 Part 2: Adjuncts. W3C Recommendation, W3C (2007). 
http:\/\/www.w3.org\/TR\/2007\/REC-wsdl20-adjuncts-20070626"},{"key":"14_CR25","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/978-1-4614-9299-3_5","volume-title":"REST: Advanced Research Topics and Practical Applications","author":"R Verborgh","year":"2014","unstructured":"Verborgh, R., Harth, A., Maleshkova, M., Stadtm\u00fcller, S., Steiner, T., Taheriyan, M., Van de Walle, R.: Survey of semantic description of REST APIs. In: Pautasso, C., Wilde, E., Alarcon, R. (eds.) REST: Advanced Research Topics and Practical Applications, pp. 69\u201389. Springer, New York (2014). doi: 10.1007\/978-1-4614-9299-3_5"},{"key":"14_CR26","unstructured":"Hadley, M.: Web Application Description Language (WADL). W3C Member Submission, W3C (2009). http:\/\/www.w3.org\/Submission\/2009\/SUBM-wadl-20090831"},{"key":"14_CR27","unstructured":"Robie, J., Cavicchio, R., Sinnema, R., Wilde, E.: RESTful service description language (RSDL): describing RESTful services without tight coupling. In: Balisage: The Markup Conference 2013, Montr\u00e9al, Canada, 6\u20139 August 2013"},{"key":"14_CR28","unstructured":"Robie, J., Sinnema, R., Zhou, W.: RESTful API Description Language (2016). https:\/\/github.com\/restful-api-description-language"},{"key":"14_CR29","doi-asserted-by":"crossref","unstructured":"Li, L., Chou, W.: Design and describe REST API without violating REST: a Petri net based approach. In: 18th IEEE International Conference on Web Services (ICWS) (2011)","DOI":"10.1109\/ICWS.2011.54"},{"key":"14_CR30","unstructured":"Open API Initiative: OpenAPI Specification (2016). https:\/\/github.com\/OAI\/OpenAPI-Specification\/blob\/master\/versions\/2.0.md"},{"key":"14_CR31","unstructured":"SmartBear Software: Swagger Specification (2016). http:\/\/swagger.io\/specification"},{"key":"14_CR32","unstructured":"Ben-Kiki, O., Evans, C., d\u00f6t Net, I.: YAML Ain\u2019t Markup Language Version 1.2. Technical report (2009). 
http:\/\/www.yaml.org\/spec\/1.2\/spec.html"},{"key":"14_CR33","unstructured":"RAML: RAML Version 1.0: RESTful API Modeling Language (2016). https:\/\/github.com\/raml-org\/raml-spec\/blob\/master\/versions\/raml-10\/raml-10.md\/"},{"key":"14_CR34","unstructured":"API Blueprint: API Blueprint Specification (2016). https:\/\/apiblueprint.org\/documentation\/specification.html"},{"key":"14_CR35","unstructured":"Apiary Inc.: Markdown Syntax for Object Notation. Technical report (2016). https:\/\/github.com\/apiaryio\/mson"},{"key":"14_CR36","unstructured":"Leonard, S.: Guidance on Markdown: Design Philosophies, Stability Strategies, and Select Registrations. RFC, IETF (2016). https:\/\/tools.ietf.org\/html\/rfc7764"},{"key":"14_CR37","unstructured":"Handl, R., Jeyaraman, R., Pizzo, M., Zurmuehl, M.: OData Version 4.0. Part 1: Protocol Plus Errata 03. OASIS Standard, OASIS (2016). https:\/\/docs.oasis-open.org\/odata\/odata\/v4.0\/odata-v4.0-part1-protocol.html"},{"key":"14_CR38","unstructured":"Handl, R., Jeyaraman, R., Pizzo, M., Biamonte, M.: OData JSON Format Version 4.0 Plus Errata 03. OASIS Standard, OASIS (2016). https:\/\/docs.oasis-open.org\/odata\/odata-json-format\/v4.0\/odata-json-format-v4.0.html"},{"key":"14_CR39","unstructured":"Hartel, B., Jeyaraman, R., Zurmuehl, M., Pizzo, M., Handl, R.: OData Atom Format Version 4.0. OASIS Standard, OASIS (2013). https:\/\/docs.oasis-open.org\/odata\/odata-atom-format\/v4.0\/odata-atom-format-v4.0.html"},{"key":"14_CR40","unstructured":"TIBCO Software Inc.: I\/O Docs community edition in Node.js. Technical report (2015). https:\/\/github.com\/mashery\/iodocs"},{"key":"14_CR41","doi-asserted-by":"crossref","unstructured":"Kopeck\u00fd, J., Gomadam, K., Vitvar, T.: hRESTS: an HTML microformat for describing RESTful web services. 
In: IEEE\/WIC\/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT) (2008)","DOI":"10.1109\/WIIAT.2008.379"},{"key":"14_CR42","unstructured":"Adida, B., Birbeck, M., McCarron, S.: RDFa Core 1.1 - 3rd edn. W3C Recommendation, W3C (2015). http:\/\/www.w3.org\/TR\/2015\/REC-rdfa-core-20150317"},{"key":"14_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"534","DOI":"10.1007\/978-3-642-17746-0_34","volume-title":"The Semantic Web \u2013 ISWC 2010","author":"M Maleshkova","year":"2010","unstructured":"Maleshkova, M., Pedrinaci, C., Domingue, J., Alvaro, G., Martinez, I.: Using semantics for automating the authentication of web APIs. In: Patel-Schneider, P.F., Pan, Y., Hitzler, P., Mika, P., Zhang, L., Pan, J.Z., Horrocks, I., Glimm, B. (eds.) ISWC 2010. LNCS, vol. 6496, pp. 534\u2013549. Springer, Heidelberg (2010). doi: 10.1007\/978-3-642-17746-0_34"},{"key":"14_CR44","doi-asserted-by":"crossref","unstructured":"Alarcon, R., Wilde, E.: Linking data from RESTful services. In: Third Workshop on Linked Data on the Web (2010)","DOI":"10.1145\/1772690.1772799"},{"key":"14_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1007\/978-3-642-27997-3_7","volume-title":"Current Trends in Web Engineering","author":"J Bellido","year":"2012","unstructured":"Bellido, J., Alarcon, R., Sepulveda, C.: Web linking-based protocols for guiding RESTful M2M interaction. In: Harth, A., Koch, N. (eds.) ICWE 2011. LNCS, vol. 7059, pp. 74\u201385. Springer, Heidelberg (2012). doi: 10.1007\/978-3-642-27997-3_7"},{"issue":"4","key":"14_CR46","doi-asserted-by":"crossref","first-page":"767","DOI":"10.1007\/s11280-014-0278-0","volume":"18","author":"C Sepulveda","year":"2015","unstructured":"Sepulveda, C., Alarcon, R., Bellido, J.: QoS aware descriptions for RESTful service composition: security domain. 
World Wide Web 18(4), 767\u2013794 (2015)","journal-title":"World Wide Web"},{"key":"14_CR47","doi-asserted-by":"crossref","unstructured":"Recordon, D., Reed, D.: OpenID 2.0: a platform for user-centric identity management. In: 2nd ACM Workshop on Digital Identity Management (DIM) (2006)","DOI":"10.1145\/1179529.1179532"},{"key":"14_CR48","unstructured":"de Azevedo Muniz, B., Chaves, L.M., Lira, H.A., Dantas, J.R.V., Farias, P.P.M.: Serin: an approach to specify semantic abstract interfaces in the context of RESTful web services. In: IADIS International Conference WWW\/Internet (2013)"},{"key":"14_CR49","doi-asserted-by":"crossref","unstructured":"Lanthaler, M.: Creating 3rd generation web APIs with hydra. In: 22nd International Conference on World Wide Web (WWW) (2013)","DOI":"10.1145\/2487788.2487799"},{"key":"14_CR50","unstructured":"Lanthaler, M.: Hydra Core Vocabulary - A Vocabulary for Hypermedia-Driven Web APIs. Unofficial Draft, W3C (2017). http:\/\/www.hydra-cg.com\/spec\/latest\/core\/"},{"key":"14_CR51","unstructured":"Sporny, M., Longley, D., Kellogg, G., Lanthaler, M., Lindstr\u00f6m, N.: JSON-LD 1.0 - A JSON-Based Serialization for Linked Data. W3C Recommendation, W3C (2014). https:\/\/www.w3.org\/TR\/json-ld\/"},{"key":"14_CR52","doi-asserted-by":"crossref","unstructured":"Verborgh, R., Steiner, T., Van Deursen, D., Coppens, S., Vall\u00e9s, J.G., Van de Walle, R.: Functional descriptions as the bridge between hypermedia APIs and the semantic web. In: 3rd International Workshop on RESTful Design (WS-REST) (2012)","DOI":"10.1145\/2307819.2307828"},{"key":"14_CR53","unstructured":"Berners-Lee, T., Connolly, D.: Notation3 (N3): a readable RDF syntax. W3C Team Submission, W3C (2011). https:\/\/www.w3.org\/TeamSubmission\/n3\/"},{"key":"14_CR54","doi-asserted-by":"crossref","unstructured":"Fahl, S., Harbach, M., Muders, T., Baumg\u00e4rtner, L., Freisleben, B., Smith, M.: Why Eve and Mallory love Android: an analysis of Android SSL (in)security. 
In: 19th ACM Conference on Computer and Communications Security (CCS) (2012)","DOI":"10.1145\/2382196.2382205"},{"key":"14_CR55","unstructured":"Georgiev, M., Iyengar, S., Jana, S., Anubhai, R., Boneh, D., Shmatikov, V.: The most dangerous code in the world: validating SSL certificates in non-browser software. In: 19th ACM Conference on Computer and Communications Security (CCS) (2012). http:\/\/doi.acm.org\/10.1145\/2382196.2382204"},{"key":"14_CR56","unstructured":"IETF JOSE Working Group: Javascript Object Signing and Encryption (JOSE) (2017). http:\/\/datatracker.ietf.org\/wg\/jose\/"},{"key":"14_CR57","unstructured":"Urien, P.: Remote APDU Call Secure (RACS). Internet-Draft, IETF (2016). https:\/\/tools.ietf.org\/html\/draft-urien-core-racs-08"},{"key":"14_CR58","doi-asserted-by":"crossref","unstructured":"Gorski, P.L., Lo Iacono, L., Nguyen, H.V., Torkian, D.B.: Service security revisited. In: 11th IEEE International Conference on Services Computing (SCC) (2014)","DOI":"10.1109\/SCC.2014.68"},{"key":"14_CR59","doi-asserted-by":"crossref","unstructured":"Nguyen, H.V., Lo Iacono, L.: REST-ful CoAP message authentication. In: International Workshop on Secure Internet of Things (SIoT), in conjunction with the European Symposium on Research in Computer Security (ESORICS) (2015)","DOI":"10.1109\/SIOT.2015.8"},{"key":"14_CR60","doi-asserted-by":"crossref","unstructured":"Nguyen, H.V., Lo Iacono, L.: RESTful IoT authentication protocols. In: Au, M.H., Choo, K.R. (eds.) Mobile Security and Privacy - Advances, Challenges and Future Research Directions. Advanced Topics in Information Security, 1st edn., pp. 217\u2013234. 
Elsevier\/Syngress (2016)","DOI":"10.1016\/B978-0-12-804629-6.00010-9"}],"container-title":["Lecture Notes in Computer Science","Trust, Privacy and Security in Digital Business"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-64483-7_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,1]],"date-time":"2019-10-01T13:02:39Z","timestamp":1569934959000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-64483-7_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319644820","9783319644837"],"references-count":60,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-64483-7_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}