Secure Information Technology Center – Austria

Orchestration of distributed cloud applications

Today, many web services offer a separate interface in the form of a Web-API that enables the data exchange and consumption of remote services. However, the management of secuirity aspects of these interfaces is often complex and opaque. Considering the role of Web-APIs as a corner stone and driver of modern Internet and cross-domain transactions, it is necessary to reconsider the modeling of underlying security features and data models applied in the cross-domain communication.

In the course of the previous projects A-SIT has already researched the application of diverse authorization models at cloud services, which later enabled the development of a multifunctional conceptual and software framework. In the scope if this project we extend the framework and implement new concepts that enable machine-understandable structuring of different categories of Web-APIs. The primary goal of this work is advancement of security management of API-related transactions. In the first iteration, we have investigated 20 APIs from 7 different product categories. Following the analysis, the initial concepts from the previous projects were extended and implemented as a part of an extended framework.

Downloads

Titel Version Datum
Project report (DE) 1.0 2016-11-10

Posted 22.11.2016, Kategorie: IT-Security.