Method of providing access validation for secure resources

IP.com Disclosure Number: IPCOM000219086D
Publication Date: 2012-Jun-19
Document File: 2 page(s) / 19K

Publishing Venue

The IP.com Prior Art Database

Abstract

Representational State Transfer (REST) is an emergent and important architectural style for distributed systems such as the World Wide Web (WWW). Requests and responses are built around the transfer of representations of resources. Resources are the entities that can be created, updated, and retrieved via the HTTP protocol. Depending on the business need, some resources require authentication and secure access. In HTTP parlance, the request for a secure resource must be sent over HTTPS. This disclosure proposes a method that validates the secure access requirement based on request URLs.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 60% of the total text.

The disclosed method performs secure access validation at the generic context provider level rather than at the individual resource handler level. This ensures that new or modified resources do not escape validation. Access validation is supported at the level of individual HTTP methods such as GET, PUT, POST and DELETE. It uses a flexible algorithm based on the hierarchy in the resource URI path declarations and a configuration file. Therefore, the implementation is easy and open to changes in requirements.

The disclosed method works as detailed below. An example is given for an e-commerce application scenario.

i. The paths of the resources are declared beforehand in a structured format such as XML. There is a provision to specify which resources are secure or not, and for which HTTP methods. Example:

Here, the resource "store/{storeId}/cart" is secure, whereas "store/{storeId}/cart/shipping_info" is not, for all the HTTP methods. The resource "store/{storeId}/person" is secure for the POST method only.

ii. At run time, for all the resource paths specified, a corresponding list of patterns is generated.

Example:
store/[0-9]+/cart
store/[0-9]+/cart/shipping_info
store/[0-9]+/person

iii. The resource path patterns are sorted in descending order of their string length. This takes care of resource path declarations at different hierarchies.

Example:
store/[0-9]+/cart/shipping_info
store/[0-9]+/person
store/[0-9]+/cart
If the re...
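
Steps i to iii as an added Python example, not code from the disclosure. The dict standing in for the XML declaration, the function names, the prefix match at a path-segment boundary, and the fail-closed default for undeclared paths are all assumptions, because the abbreviated text ends before the matching step.

```python
import re

# Constructed declarations mirroring the page's example. The page's XML
# format is not shown, so this dict layout is an assumption.
# Value: set of HTTP methods that require HTTPS ("*" means all methods).
DECLARED = {
    "store/{storeId}/cart": {"*"},
    "store/{storeId}/cart/shipping_info": set(),
    "store/{storeId}/person": {"POST"},
}

def build_rules(declared):
    """Steps ii and iii: turn each path into a pattern, sort longest first."""
    rules = []
    for path, methods in declared.items():
        parts = re.split(r"(\{[^/}]+\})", path)
        # Each {name} placeholder becomes [0-9]+ as in the page's example;
        # literal segments are escaped so they cannot act as regex syntax.
        pattern = "".join(
            "[0-9]+" if p.startswith("{") else re.escape(p) for p in parts
        )
        rules.append((pattern, frozenset(methods)))
    # Descending pattern length puts deeper paths ahead of their parents.
    rules.sort(key=lambda rule: len(rule[0]), reverse=True)
    return rules

def requires_https(rules, method, path):
    """Return True if this method on this path must arrive over HTTPS."""
    path = path.strip("/")
    for pattern, methods in rules:
        # Assumption: a rule covers its own path and anything below it,
        # anchored at a segment boundary so "cartoon" does not match "cart".
        if re.match(pattern + r"(?:/|$)", path):
            return "*" in methods or method.upper() in methods
    # Assumption: paths with no declaration fail closed.
    return True

def is_allowed(rules, method, path, scheme):
    """Check a generic request filter would run before any resource handler."""
    return scheme.lower() == "https" or not requires_https(rules, method, path)

RULES = build_rules(DECLARED)
```

Because the first matching rule wins, the length sort is what lets the non-secure "shipping_info" declaration override its secure parent "cart".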