A Case Study on the Security Policies for RESTful Open API Platform of Human Resource Management

被引：0

作者：

Yun, Fei ^{[1
]}

Zhu, Weiheng ^{[1
]}

Huang, Sui ^{[1
]}

Zhou, Wei ^{[1
]}

机构：

[1] Jinan Univ, Dept Comp Sci, Guangzhou 510632, Guangdong, Peoples R China

来源：

CEIT 2012: 2012 INTERNATIONAL CONFERENCE ON CIVIL ENGINEERING AND INFORMATION TECHNOLOGY | 2012年

关键词：

Security Policies; RESTful; Open API; Human Resource Management; OAuth;

D O I：

暂无

中图分类号：

TP39 [计算机的应用];

学科分类号：

081203 ; 0835 ;

摘要：

The introduction of RESTful web service and open APIs helps to transfer many Web applications once built on traditional database and JSP/ASP techniques to open API platforms. However, there are still concerns about the security of data at the backend. This paper presents a Human Resource Open Platform (HROP) using Open Authorization (OAuth) protocol. To ensure its security, different policies have been imposed at various levels (platform, user, application and service) and achieved via infrastructure design, service layered protection and strict permission checks. This paper concludes by suggesting ways that developers can exploit to achieve more secure and user-controllable open platform applications.

引用

页码：142 / 147

页数：6

共 6 条

[1] REGIMES OF SHARING Open APIs, interoperability, and Facebook
Bodle, Robert
[J]. INFORMATION COMMUNICATION & SOCIETY, 2011, 14 (03) : 320 - 337
[2] [邓瑛 Deng Ying], 2002, [计算机工程, Computer Engineering], V28, P195
[3] On Dynamic Access Control in Web 2.0 and Beyond: Trends and Technologies
Faynberg, Igor
Lu, Hui-Lan
Ristock, Herbert
[J]. BELL LABS TECHNICAL JOURNAL, 2011, 16 (02) : 199 - 218
[4] OpenSocial: An Enabler for Social Applications on the Web
Haesel, Matthias
[J]. COMMUNICATIONS OF THE ACM, 2011, 54 (01) : 139 - 144
[5] OAuth Web Authorization Protocol
Leiba, Barry
[J]. IEEE INTERNET COMPUTING, 2012, 16 (01) : 74 - 77
[6] Open API Standardization for the NGN Platform
Mulligan, Catherine E. A.
[J]. IEEE COMMUNICATIONS MAGAZINE, 2009, 47 (05) : 108 - 113

← 1 →