{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,9]],"date-time":"2024-09-09T17:20:03Z","timestamp":1725902403956},"publisher-location":"Singapore","reference-count":25,"publisher":"Springer Singapore","isbn-type":[{"type":"print","value":"9789811054204"},{"type":"electronic","value":"9789811054211"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-981-10-5421-1_12","type":"book-chapter","created":{"date-parts":[[2017,6,22]],"date-time":"2017-06-22T08:30:04Z","timestamp":1498120204000},"page":"141-153","source":"Crossref","is-referenced-by-count":3,"title":["RESTful Is Not Secure"],"prefix":"10.1007","author":[{"given":"Tetiana","family":"Yarygina","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,6,23]]},"reference":[{"key":"12_CR1","volume-title":"RESTful Web Services","author":"L Richardson","year":"2007","unstructured":"Richardson, L., Ruby, S.: RESTful Web Services. O\u2019Reilly Media, Sebastopol (2007)"},{"key":"12_CR2","unstructured":"Fielding, R.T.: Architectural Styles and the Design of Network-based Software Architectures. Ph.D. thesis, University of California, Irvine (2000)"},{"key":"12_CR3","doi-asserted-by":"crossref","unstructured":"Pautasso, C., Zimmermann, O., Leymann, F.: RESTful web services vs. big web services: making the right architectural decision. In: 17th International World Wide Web Conference (WWW 2008), Beijing, China, pp. 805\u2013814 (2008)","DOI":"10.1145\/1367497.1367606"},{"key":"12_CR4","doi-asserted-by":"crossref","unstructured":"Gorski, P., Lo Iacono, L., Nguyen, H., Torkian, D.: Service security revisited. In: IEEE International Conference on Services Computing, pp. 464\u2013471. IEEE Computer Society, Washington, DC (2014)","DOI":"10.1109\/SCC.2014.68"},{"key":"12_CR5","doi-asserted-by":"crossref","unstructured":"Lo Iacono, L., Nguyen, H.: Authentication scheme for REST. In: International Conference on Future Network Systems and Security, pp. 113\u2013128 (2015)","DOI":"10.1007\/978-3-319-19210-9_8"},{"key":"12_CR6","doi-asserted-by":"crossref","unstructured":"Serme, G., de Oliveira, A., Massiera, J., Roudier, Y.: Enabling message security for RESTful services. In: IEEE 19th International Conference on Web Services, pp. 114\u2013121. IEEE Computer Society, Washington, DC (2012)","DOI":"10.1109\/ICWS.2012.94"},{"key":"12_CR7","doi-asserted-by":"crossref","unstructured":"De Backere, F., Hanssens, B., Heynssens, R., Houthooft, R., Zuliani, A., Verstichel, S., Dhoedt, B., De Turck, F.: Design of a security mechanism for RESTful web service communication through mobile clients. In: IEEE Network Operations and Management Symposium, pp. 1\u20136. IEEE, Krakow (2014)","DOI":"10.1109\/NOMS.2014.6838308"},{"key":"12_CR8","doi-asserted-by":"crossref","unstructured":"Inoue, T., Asakura, H., Sato, H., Takahashi, N.: Key roles of session state: not against REST architectural style. In: IEEE 34th Computer Software and Applications Conference, pp. 171\u2013178. IEEE (2010)","DOI":"10.1109\/COMPSAC.2010.64"},{"key":"12_CR9","doi-asserted-by":"crossref","unstructured":"Jones, M., Bradley, J., Sakimura, N.: RFC 7519. JSON Web Token (2015)","DOI":"10.17487\/RFC7519"},{"key":"12_CR10","doi-asserted-by":"crossref","DOI":"10.1201\/9781439821916","volume-title":"Handbook of Applied Cryptography","author":"AJ Menezes","year":"1996","unstructured":"Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)"},{"key":"12_CR11","unstructured":"Fu, K., Sit, E., Smith, K., Feamster, N.: The dos and don\u2019ts of client authentication on the Web. In: USENIX Security Symposium, pp. 251\u2013268 (2001)"},{"issue":"1","key":"12_CR12","doi-asserted-by":"crossref","first-page":"1:1","DOI":"10.1145\/2220352.2220353","volume":"12","author":"I Dacosta","year":"2012","unstructured":"Dacosta, I., Chakradeo, S., Ahamad, M., Traynor, P.: One-time cookies: preventing session hijacking attacks with stateless authentication tokens. ACM Trans. Internet Technol. 12(1), 1:1\u20131:24 (2012)","journal-title":"ACM Trans. Internet Technol."},{"key":"12_CR13","unstructured":"Dietz, M., Czeskis, A., Balfanz, D., Wallach, D.S.: Origin-bound certificates: a fresh approach to strong client authentication for the web. In: 21st USENIX Security Symposium, pp. 317\u2013331. USENIX, Bellevue, WA (2012)"},{"key":"12_CR14","unstructured":"Amazon S3: Authenticating requests (AWS Signature v4). https:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/API\/sig-v4-authenticating-requests.html"},{"key":"12_CR15","unstructured":"Microsoft Azure documentation: Authentication for the Azure Storage Services (2015). https:\/\/msdn.microsoft.com\/en-us\/library\/dd179428.aspx"},{"key":"12_CR16","unstructured":"Cavage, M., Sporny, M.: IETF draft. Signing HTTP messages (2015)"},{"key":"12_CR17","doi-asserted-by":"crossref","unstructured":"Hammer-Lahav, E.: RFC 5849. The OAuth 1.0 protocol (2010)","DOI":"10.17487\/rfc5849"},{"key":"12_CR18","doi-asserted-by":"crossref","unstructured":"Chen, E., Pei, Y., Chen, S., Tian, Y., Kotcher, R., Tague, P.: OAuth demystified for mobile application developers. In: ACM SIGSAC Conference on Computer and Communications Security, pp. 892\u2013903. ACM, New York (2014)","DOI":"10.1145\/2660267.2660323"},{"key":"12_CR19","unstructured":"Wang, R., Zhou, Y., Chen, S., Qadeer, S., Evans, D., Gurevich, Y.: Explicating SDKs: uncovering assumptions underlying secure authentication and authorization. In: 22nd USENIX Security Symposium, pp. 399\u2013314. Washington, DC (2013)"},{"key":"12_CR20","doi-asserted-by":"crossref","unstructured":"Sun, S.T., Beznosov, K.: The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems. In: ACM Conference on Computer and Communications Security, pp. 378\u2013390. ACM, New York (2012)","DOI":"10.1145\/2382196.2382238"},{"key":"12_CR21","unstructured":"Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., Mortimore, C.: OpenID Connect Core 1.0 (2014)"},{"key":"12_CR22","doi-asserted-by":"crossref","unstructured":"Wang, R., Chen, S., Wang, X.: Signing me onto your accounts through Facebook and Google: a traffic-guided security study of commercially deployed single-sign-on web services. In: IEEE Symposium on Security and Privacy, pp. 365\u2013379. IEEE Computer Society, Washington, DC (2012)","DOI":"10.1109\/SP.2012.30"},{"key":"12_CR23","doi-asserted-by":"crossref","unstructured":"Fielding, R.T., Taylor, R.N.: Principled design of the modern web architecture, pp. 407\u2013416, June 2000","DOI":"10.1145\/337180.337228"},{"issue":"6","key":"12_CR24","doi-asserted-by":"crossref","first-page":"86","DOI":"10.1109\/MSP.2016.129","volume":"14","author":"C Fetzer","year":"2016","unstructured":"Fetzer, C.: Building critical applications using microservices. IEEE Secur. Priv. 14(6), 86\u201389 (2016)","journal-title":"IEEE Secur. Priv."},{"key":"12_CR25","unstructured":"Trustworthy Internet Movement: SSL Pulse (2017). https:\/\/www.trustworthyinternet.org\/ssl-pulse\/"}],"container-title":["Communications in Computer and Information Science","Applications and Techniques in Information Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-10-5421-1_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,26]],"date-time":"2019-09-26T10:54:39Z","timestamp":1569495279000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-981-10-5421-1_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9789811054204","9789811054211"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-981-10-5421-1_12","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2017]]}}}