DOCSLIB.ORG

Electronic Identification Based on Openid Connect a Design Proposal

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Electronic Identification Based on Openid Connect a Design Proposal DEGREE PROJECT IN COMPUTER SCIENCE AND ENGINEERING, SECOND CYCLE, 30 CREDITS STOCKHOLM, SWEDEN 2017 Electronic Identification Based on OpenID Connect A Design Proposal TOM JOHANSSON KTH ROYAL INSTITUTE OF TECHNOLOGY SCHOOL OF COMPUTER SCIENCE AND COMMUNICATION Electronic Identification Based on OpenID Connect A Design Proposal TOM JOHANSSON Master in Computer Science Date: June 30, 2017 Supervisor: Sonja Buchegger Examiner: Johan Håstad Swedish title: E-legitimation baserad på OpenID Connect – Ett designförslag School of Computer Science and Communication i Abstract Electronic identification is used by an individual to prove who he or she is by electronic means and is normally used for logging in to various services. In Sweden there are a number of different solutions that are developed and provided by different parties. In order to promote and coordinate electronic identification for public services, the Swedish E-identification Board was founded in 2011. The Board has developed a technical frame- work for integration between the Relying Party and the Identity Provider based on the Security Assertion Markup Language V2.0 (SAML) standard. SAML is a quite old stan- dard that has some limitations complicating an electronic identification solution based on it. A newer competing standard is OpenID Connect, which could be a possible candidate as an alternative to SAML. The objective of this thesis is to determine to what extent it is possible to ensure confidentiality, integrity, and accountability in an electronic identi- fication based on OpenID Connect. To achieve this, a number of requirements for elec- tronic identifications were identified and a design proposal based on OpenID Connect was developed together with a proof-of-concept implementation. The design proposal was evaluated against the requirements, with the final result that an electronic identifica- tion based on OpenID Connect could meet the requirements. Sammanfattning E-legitimation används av en individ för visa vem han eller hon är på elektronisk väg och används vanligtvis för att logga in på olika tjänster. I Sverige finns ett antal olika lösningar som utvecklas och tillhandahålls av olika parter. För att främja och samordna elektronisk identifiering för offentliga tjänster grundades E-legitimationsnämnden 2011. Nämnden har tagit fram ett tekniskt ramverk för integrationen mellan Förlitande Part och Legitimeringstjänst baserad på Security Assertion Markup Language V2.0 (SAML) standarden. SAML är en relativt gammal standard med vissa begränsningar som kom- plicerar en e-legitimationslösning baserad på den. En nyare konkurrerande standard är OpenID Connect, vilket kan vara en möjlig kandidat som ett alternativ till SAML. Syftet med detta examensarbete är att undersöka i vilken utsträckning det är möjligt att säker- ställa sekretess, integritet och ansvarsskyldighet för en e-legitimation baserad på OpenID Connect. För att uppnå detta, identifierades ett antal krav för e-legitimationer och ett de- signförslag baserat på OpenID Connect utvecklades tillsammans med en proof-of-concept implementation. Designförslaget utvärderades mot kraven, med det slutliga resultatet att en e-legitimation baserad på OpenID Connect kan uppfylla kraven. Acknowledgments This thesis constitutes the final task of my Degree Programme in Computer Science and Engineering and Master’s Programme in Computer Science at KTH. Carrying out this task has been interesting, delightful, and enlightening. I would like to express my special thanks of gratitude to: Sonja Buchegger for accepting me into her group of students to supervise, steering me in the right direction, providing me with feedback, and supporting my work. Johan Håstad for being my examiner and ensuring that my thesis reached satisfactory academic level, providing me with feedback, and taking time to answer my questions. Johanna Mannung for proposing the degree project assignment, giving me the oppor- tunity to perform my thesis at the Swedish Police Authority, supervising my work, and providing both design and technical guidance. Walter Thyselius for giving me feedback, discussing alternative solutions, and providing useful advices and insights. Magnus K Karlsson for sharing his deep knowledge and explaining various concepts. Veronika Lindström for supporting me with love and care. Chloetta and Trottz for carrying me, helping me to think more clearly and be more cre- ative and productive. ii Contents 1 Introduction 1 1.1 Thesis Objective . .2 1.2 Problem Statement . .2 1.3 Delimitations . .2 1.4 Motivation . .2 1.5 Choice of Methodology . .3 2 Background 4 2.1 Requirement Levels . .4 2.2 Level of Assurance (LoA) . .4 2.3 Confidentiality, Integrity, Availability, and Accountability . .5 2.4 OpenID Connect (OIDC) . .6 2.4.1 Terminology . .6 2.4.2 Protocol Flows . .7 2.4.3 OAuth 2.0 . .9 2.4.4 JavaScript Object Notation (JSON) . .9 2.5 Cryptography . 10 2.5.1 Secure Hash Functions . 10 2.5.2 Public Key Cryptography . 10 2.5.3 Digital Signatures . 11 2.5.4 Digital Certificate . 11 2.5.5 Secure Enclave and Trusted Execution Environment . 13 2.5.6 Transport Layer Security . 13 2.6 Authentication . 13 2.6.1 Something You Know . 13 2.6.2 Something You Have . 14 2.6.3 Something You Are . 14 2.7 Security Threats . 14 2.7.1 Man-in-the-Middle . 14 2.7.2 Man-in-the-Browser . 15 2.7.3 Replay Attack . 15 2.7.4 Cut and Pasted Code Attack . 16 2.7.5 Social Engineering . 17 iii iv CONTENTS 3 Related Work 18 3.1 The Swedish E-identification . 18 3.2 Electronic Identification Solutions . 20 3.3 OAuth . 20 3.4 Research Gap . 20 4 The Design Proposal 21 4.1 System Model . 21 4.2 Problem Identification and Motivation . 22 4.3 Define the Objectives for a Solution . 22 4.4 Assumptions . 23 4.5 Overview . 23 4.5.1 OpenID Provider . 23 4.5.2 Relying Party . 24 4.5.3 eID-app . 24 4.5.4 The eID Solution Flow . 25 4.5.5 Authentication Request . 27 4.5.6 ID Token . 32 4.5.7 Authentication . 34 4.5.8 Authentication with eID Certificate . 35 4.6 Proof of Concept . 36 4.6.1 Overview . 36 4.6.2 Authentication Provider . 37 5 Evaluation 38 5.1 Confidentiality . 38 5.2 Integrity . 38 5.3 Accountability . 38 5.4 Authentication . 39 5.5 eID Certificate Revocation . 40 5.6 Model of Adversary and Potential Abuse Scenarios . 40 5.6.1 Man-in-the-Middle . 40 5.6.2 Man-in-the-Browser . 41 5.6.3 Replay Attack . 41 5.6.4 Cut and Pasted Code Attack . 42 5.6.5 Social Engineering . 42 5.6.6 Relatives and Related Persons . 42 6 Discussion 43 6.1 Confidentiality . 43 6.2 Integrity . 43 6.3 Accountability . 43 6.4 Authentication . 44 6.5 eID Certificate Revocation . 44 6.6 Model of Adversary and Potential Abuse Scenarios . 45 6.6.1 Man-in-the-Middle . 45 6.6.2 Man-in-the-Browser . 45 6.6.3 Replay Attack . 45 CONTENTS v 6.6.4 Cut and Pasted Code Attack . 45 6.6.5 Social Engineering . 46 6.6.6 Relatives and Related Persons . 46 6.7 Proof of Concept . 46 6.8 Design Choices . 46 6.9 Level of Assurance . 48 6.10 Sustainability and Ethics . 48 6.11 Societal Aspects . 48 7 Conclusions 50 8 Future Work 51 Bibliography 52 Chapter 1 Introduction This chapter introduces the thesis and presents the objective, motivation, and delimitations of the thesis. The chosen methodology will also be described. Electronic Identification (eID) is the process of utilizing a persons identification data to elec- tronically prove the identity of a person or an organization, for example when logging in to services provided by government authorities, banks etc. It can also be used to sign electronic documents. The importance of eID has increased along with the digitalization of the society and most likely the importance will continue to increase, as more services are dependent on eID. In Sweden there are a number of different solutions for eID; the most widely used is BankID [1] with over 7 million1 users [2] and 1.8 billion transactions during 2016 [3]. BankID is developed and maintained by Finansiell ID-Teknik BID AB [4],.
Load more

Recommended publications
  • Oauth 2.0 Dynamic Client Registration Management Protocol Draft-Jones-Oauth-Dyn-Reg-Management-00
    OAuth Working Group J. Richer TOC Internet-Draft The MITRE Corporation Intended status: Standards Track M. Jones Expires: August 1, 2014 Microsoft J. Bradley Ping Identity M. Machulak Newcastle University January 28, 2014 OAuth 2.0 Dynamic Client Registration Management Protocol draft-jones-oauth-dyn-reg-management-00 Abstract This specification defines methods for management of dynamic OAuth 2.0 client registrations. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as “work in progress.” This Internet-Draft will expire on August 1, 2014. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
    [Show full text]
  • The Atom Project
    The Atom Project Tim Bray, Sun Microsystems Paul Hoffman, IMC Recent Numbers On June 23, 2004 (according to Technorati.com): • There were 2.8 million feeds tracked • 14,000 new blogs were created • 270,000 new updates were posted Technology: How Syndication Works Now 1. Publication makes an XML document available at a well-known URI describing recent updates 2. Clients retrieve it regularly (slow polling) 3. That’s all! Technology: What’s In a Syndication Feed • One Channel: Title, URI, logo, generator, copyright, author • Multiple Items: Author, title, URI, guid, date(s), category(ies), description (excerpt/summary/ full-text) Species of RSS Currently Observed in the Wild • RSS 0.9: Netscape, RDF-based • RSS 0.91: Netscape, non-RDF • RSS 1.0*: Ad-hoc group, RDF-based • RSS 0.92*: UserLand, non-RDF • RSS 2.0*: UserLand, non-RDF * significant market share Data Format Problems Too many formats, they’re vaguely specified, there are technical issues with embedded markup, relative URIs, XML namespaces, and permanent identifiers. The personality & political problems are much worse. Scaling and security may be OK, because it’s all HTTP. The Protocol Landscape The Blogger and MetaWeblog “APIs” are quick hacks based on XML-RPC. They lack extensibility, standards-friendliness, security, authentication and a future. Atom, Pre-IETF • Launched Summer 2003 by Sam Ruby • Quick buy-in from major vendors • Quick buy-in from backers of all RSS species, except RSS 2.0 • Active wiki at http://www.intertwingly.net/wiki/ pie Atom in the IETF • Charter • Documents • Mailing list • Not meeting here Starting the Atompub charter • Floated in mid-April 2004 • Some tweaking but no major glitches from the first proposal • Decided to have Sam Ruby be the WG secretary • Was almost ready for the IESG to approve in mid-May, then...
    [Show full text]
  • Tim Bray 1 Tim Bray
    Tim Bray 1 Tim Bray Tim Bray Born Timothy William Bray June 21, 1955 Residence Vancouver, British Columbia, Canada Website http:/ / www. tbray. org/ ongoing/ Timothy William Bray (born June 21, 1955) is a Canadian software developer and entrepreneur. He co-founded Open Text Corporation and Antarctica Systems. Bray was Director of Web Technologies at Sun Microsystems from early 2004 to early 2010. Since then he has served as a Developer Advocate at Google, focusing on Android.[1] Early life Bray was born on June 21, 1955 in Alberta, Canada. He grew up in Beirut, Lebanon and graduated in 1981 with a Bachelor of Science (double major in Mathematics and Computer Science) from the University of Guelph in Guelph, Ontario. Tim described his switch of focus from Math to Computer Science this way: "In math I’d worked like a dog for my Cs, but in CS I worked much less for As—and learned that you got paid well for doing it."[2] In June 2009, he received an honorary Doctor of Science degree from the University of Guelph.[3] Fresh out of university, Bray joined Digital Equipment Corporation in Toronto as a software specialist. In 1983, Bray left DEC for Microtel Pacific Research. He joined the New Oxford English Dictionary project at the University of Waterloo in 1987 as its manager. It was during this time Bray worked with SGML, a technology that would later become central to both Open Text Corporation and his XML and Atom standardization work. Tim Bray 2 Entrepreneurship Waterloo Maple Tim Bray served as the part-time CEO of Waterloo Maple Inc.
    [Show full text]
  • Tim Bray [email protected] · Tbray.Org · @Timbray · +Timbray Left: 1997 Right: 2010 Java.Com Php.Net Rubyonrails.Org Djangoproject.Com Nodejs.Org
    Does the browser have a future? Tim Bray [email protected] · tbray.org · @timbray · +TimBray Left: 1997 Right: 2010 java.com php.net rubyonrails.org djangoproject.com nodejs.org developer.android.com/reference/android/os/Vibrator.html Functional thinking with Erlang counter_loop(Count) -> incr(Counter) -> receive Counter ! { incr }. { incr } -> ! counter_loop(Count + 1); find_count(Counter) -> { report, To } -> Counter ! { report, self() }, To ! { count, Count }, receive counter_loop(Count) { count, Count } -> end. Count end. Scalable parallel counters! tbray.org/ongoing/When/200x/2007/09/21/Erlang clojure.org scala-lang.org fndIDP.appspot.com c := make(chan SearchResult) go timeout(c) for _, searcher := range Searchers { go searcher.Search(email, c, handles) } bestStrength := -1 outstanding := len(Searchers) bestResult = SearchResult{TimeoutType, []IDP{}} for outstanding > 0 { result := <-c outstanding-- if result.rtype == TimeoutType { break // timed out, don't wait for trailers } if len(result.idps) == 0 { continue // a result that found nothing, ignore it } resultClass := ResultStrengths[result.rtype] if resultClass.verified { bestResult = result break // verified results trump all others } if resultClass.strength > bestStrength { bestStrength = resultClass.strength bestResult = result } else if resultClass.strength == bestStrength { bestResult.idps = merge(bestResult.idps, result.idps) } } ... func timeout(c chan SearchResult) { time.Sleep(2000 * time.Millisecond) c <- SearchResult{rtype: TimeoutType} } twitter.com/levwalkin/status/510197979542614016/photo/1
    [Show full text]
  • An Introduction to Georss: a Standards Based Approach for Geo-Enabling RSS Feeds
    Open Geospatial Consortium Inc. Date: 2006-07-19 Reference number of this document: OGC 06-050r3 Version: 1.0.0 Category: OpenGIS® White Paper Editors: Carl Reed OGC White Paper An Introduction to GeoRSS: A Standards Based Approach for Geo-enabling RSS feeds. Warning This document is not an OGC Standard. It is distributed for review and comment. It is subject to change without notice and may not be referred to as an OGC Standard. Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting do Document type: OpenGIS® White Paper Document subtype: White Paper Document stage: APPROVED Document language: English OGC 06-050r3 Contents Page i. Preface – Executive Summary........................................................................................ iv ii. Submitting organizations............................................................................................... iv iii. GeoRSS White Paper and OGC contact points............................................................ iv iv. Future work.....................................................................................................................v Foreword........................................................................................................................... vi Introduction...................................................................................................................... vii 1 Scope.................................................................................................................................1
    [Show full text]
  • AI, Robotics, and the Future of Jobs” Available At
    NUMBERS, FACTS AND TRENDS SHAPING THE WORLD FOR RELEASE AUGU.S.T 6, 2014 FOR FURTHER INFORMATION ON THIS REPORT: Aaron Smith, Senior Researcher, Internet Project Janna Anderson, Director, Elon University’s Imagining the Internet Center 202.419.4372 www.pewresearch.org RECOMMENDED CITATION: Pew Research Center, August 2014, “AI, Robotics, and the Future of Jobs” Available at: http://www.pewinternet.org/2014/08/06/future-of-jobs/ 1 PEW RESEARCH CENTER About This Report This report is the latest in a sustained effort throughout 2014 by the Pew Research Center’s Internet Project to mark the 25th anniversary of the creation of the World Wide Web by Sir Tim Berners-Lee (The Web at 25). The report covers experts’ views about advances in artificial intelligence (AI) and robotics, and their impact on jobs and employment. The previous reports in this series include: . A February 2014 report from the Pew Research Center’s Internet Project tied to the Web’s anniversary looking at the strikingly fast adoption of the Internet and the generally positive attitudes users have about its role in their social environment. A March 2014 Digital Life in 2025 report issued by the Internet Project in association with Elon University’s Imagining the Internet Center focusing on the Internet’s future more broadly. Some 1,867 experts and stakeholders responded to an open-ended question about the future of the Internet by 2025. One common opinion: the Internet would become such an ingrained part of the environment that it would be “like electricity”—less visible even as it becomes more important in people’s daily lives.
    [Show full text]
  • Eweek's 2007 Top 100 Most Influential People in IT
    March 16, 2007 eWeek's 2007 Top 100 Most Influential People in IT 1. Sergey Brin and Larry page – Google 40. Bruce Schneier – BT Counterpane 2. Tim Berners-Lee – W3C 41. Randy Mott – Hewlett-Packard 3. Linus Torvalds – Linux 42. Steve Mills – IBM 4. Larry Ellison – Oracle 43. Dave Barnes – UPS 5. Steve Ballmer – Microsoft 44. Jeff Bezos – Amazon 6. Steve Jobs – Apple 45. Michael Dell – Dell 7. Marc Benioff –Salesforce.com 46. Tom Friedman – New York Times 8. Ray Ozzie – Microsoft 47. Irving Wladawsky-Berger – IBM 9. Nicholas Negroponte – MIT 48. Douglas Merrill – Google 10. Diane Green – VMware 49. John Dingell – U.S. House of 11. Sam Palmisano – IBM Representatives (D-Mich.) 12. Blake Ross – Firefox 50. John Cherry – The Linux Foundation 13. Ralph Szygenda – General Motors 51. Nancy Pelosi – U.S. House of 14. Rollin Ford – Wal-Mart Representatives (D-Calif.) 15. Rick Dalzell – Amazon.com 52. Andy Bechtolsheim – Sun Microsystems 16. Dr. Alan Kay – Viewpoints Research 53. Rob Carter – FedEx Institute 54. Charles Giancarlo – Cisco Systems 17. Tim O’Reilly – O’Reilly Media 55. Vikram Akula – SKS Microfinance 18. Paul Otellini – Intel 56. Robin Li – Baidu 19. Jonathan Schwartz – Sun Microsystems 57. John Halamka M.D. – Beth Israel 20. Vinton Cerf – Google Deaconess Medical Center 21. Rick Rashid – Microsoft 58. Simon Phipps – Sun Microsystems 22. Mark Russinovich – Microsoft 59. Dr. Linton Wells II – U.S. Department of 23. Eric Schmidt – Google Defense 24. Mark Hurd – Hewlett-Packard 60. Kevin Martin – FCC 25. Margaret (Meg) Whitman - eBay 61. Gregor S. Bailar – Capital One 26. Tim Bray – Sun Microsystems 62.
    [Show full text]
  • Issues in Web Frameworks
    ISSUES IN WEB FRAMEWORKS Tim Bray Director of Web Technologies Sun Microsystems Big Hot Issues Maintainability Scaling Developer Developer Tools Speed Intrinsic Integration In-Stack “Web 2.0” Identity External Issues in Scaling Observability Load balancing File I/O CPU Shared-nothing DBMS Issues in Developer Speed Compilation File I/O step? Code Size Deployment step? Configuration process Issues in Developer Tools Templating IDE How many tools? O/R Mapping Documentation Performance Issues in Maintainability MVC Code size Language count Object Readability orientation Comparing Intrinsics PHP Rails Java Scaling Dev Speed Dev Tools Maintainability Comparing Intrinsics Which is most PHP Rails Java important? Scaling Dev Speed Dev Tools Maintainability The Identity Problem The usual approach: “Make a Integration, SOA, USERS table.”and Web Services Integration, SOA, and Web Services Integration, SOA, and Web Services Stack Integration Options Download & Integration,Vendor- SOA, build: Apache, andintegrated Web Services PHP, MySQL, LAMP stack. add-on packages. Integration, SOA, and Web Services Apache, MySQL, PHP, Perl, Squid cooltools.sunsource.net/coolstack/index.html External integration Issues PHP will never go away. Rails will never go away. Java will never go away. .NET will never go away. The network is the computer. The network is heterogeneous. How do we get work done? SOA: WS-* is the Official Answer 36 specs, about 1,000 pages total. (msdn.microsoft.com/webservices/webservices/understanding/specs/default.aspx) Is WS-* A Little Bit Too Complex? SOA: An Alternative View Web Services: The Alternative Be like the Web! The theory: REST (Representational State Transfer). The practice: XML + HTTP. In action today at: Google, Amazon, AOL, Yahoo!, many others.
    [Show full text]
  • The Atom Syndication Format
    Network Working Group M. Nottingham, Editor Request for Comments: 4287 R. Sayre, Editor Category: Standards Track December 2005 The Atom Syndication Format Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the “Internet Official Protocol Standards” (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright © The Internet Society (2005). All Rights Reserved. Abstract This document specifies Atom, an XML-based Web content and metadata syndication format. RFC 4287 Atom Format December 2005 Table of Contents 1 Introduction...............................................................................................................................................................4 1.1 Examples................................................................................................................................................................4 1.2 Namespace and Version........................................................................................................................................ 5 1.3 Notational Conventions......................................................................................................................................... 6 2 Atom Documents.......................................................................................................................................................7
    [Show full text]
  • A Use Case Diagram Is Useful When You Are Describing Requirements For
    China Seed Market To Hit $3.9 Billion! Shandong Zhouyuan Seed and Nursery Co., Ltd (SZSN) $0.28 UP 16.6% China is the second largest seed market in the world. China's current market is $2.9 Billion annually and experts forecast it to hit $3.9 Billion in the next 2.5 years. SZSN is already expanding to keep ahead of the demand. Read the news, and watch for more Monday. Get on SZSN! You agree to comply strictly with all such laws and regulations and acknowledge that you have the responsibility to obtain such licenses to export, re-export, o r import as may be required. With the JavaBeans API, you can create reusable, platform-independent components . Panelists: Rich Green Executive Vice President, Software Sun Microsystems, Inc. If Software or Information is being acquired by or on behalf of the U. We hope you join us again next year. Excellent Good Fair Poor Comments: If you would like a reply to your com ment, please submit your email address: Note: We may not respond to all submitte d comments. Each of these actors is external to the system and only interacts with the syste m. SMP is an essential resource for developers, programmers and system administrato rs of all levels working with Java and other Sun technologies. Download Today and enter for a chance to win an Apple iPod Nano. Support for multiple users. We are attending some of the sessions and writing articles and blogs to cover th e event. The exception handler chosen is said to catch the exception.
    [Show full text]
  • Resource-Oriented Architecture (ROA) and REST Scott Davis, Thirstyhead.Com
    Resource-Oriented Architecture (ROA) and REST Scott Davis, ThirstyHead.com Scott Davis Web Services When I say, “Web Services” ...what do you think of? Dave Winer, co-creator of XML-RPC, SOAP, and RSS: I love SOAP. SOAP was the lawyer of the family. It was the one that had the potential to bring everyone together. But you’d have to say at this point that SOAP is a failure. How long are we supposed to wait for the magic of SOAP to happen? “[With SOAP] we tried really hard to create a level playing field for small developers and large developers.” I was recently talking with Jeff Barr, Amazon's chief web services evangelist. Amazon has both SOAP and REST interfaces to their web services, and 85% of their usage is of the REST interface. Despite all of the corporate hype over the SOAP stack, this is pretty compelling evidence that developers like the simpler REST approach. I've always liked technologies that have low barriers to entry and grassroots adoption, and simple XML over HTTP approach seems to have that winning combination. RESTful Geocoder RESTful Rhyming API SOAP A specification REST A set of architectural principles REST is... REpresentational State Transfer Representational State Transfer (REST) is a software architectural style for distributed hypermedia systems like the world wide web. The term originated in a 2000 doctoral dissertation about the web written by Roy Fielding, one of the principal authors of the HTTP protocol specification, and has quickly passed into widespread use in the networking community. Systems that follow Fielding's REST principles are often referred to as RESTful; REST's most zealous advocates call themselves RESTafarians.
    [Show full text]
  • Content Syndication Contents
    E. Wilde: Content Syndication Contents Content Syndication Contents Abstract 2 Web Architecture and Content Feeds 3 1 Syndication Formats Information Management [./] RSS History 5 The Case for Content Management 6 Spring 2009 — INFO 190-02 Consuming RSS 7 Atom History 8 (CCN 42509) Atom vs. RSS 9 Atom Example 10 Atom Content 11 Erik Wilde, UC Berkeley School of Atom Content Examples 12 Atom Categories 13 Information Switching from RSS to Atom 14 Podcasts 15 2009-04-06 2 Using Feeds 2.1 Browser Handling Firefox 18 Internet Explorer 19 [http://creativecommons.org/licenses/by/3.0/] Safari 20 This work is licensed under a CC Chrome 21 Attribution 3.0 Unported License [http://creativecommons.org/licenses/by/3.0/] Opera 22 2.2 Feed Readers Google Reader 24 iTunes Podcasts 25 Podcast Channel Information 26 Podcast Item Information 27 Simple Web Services 28 Web Architecture and Information Management [./] 2009-04-06 Web Architecture and Information Management [./] 2009-04-06 Spring 2009 — INFO 190-02 (CCN 42509) Spring 2009 — INFO 190-02 (CCN 42509) E. Wilde: Content Syndication E. Wilde: Content Syndication Abstract (2) Content Feeds (3) For many information sources on the Web, it is useful to have some standardized way of Early Web content was static or updated very infrequently subscribing to information updates. Syndication formats such as RSS and Atom can be there was not yet the requirement to reuse content in different contexts used by these information sources to publish a feed of updated information items. Feeds Frequently updated Web content quickly became a very common scenario can be read directly in a browser, but in most cases they are read by specialized software; as commercial interests took over the Web, users should have a reason to either a feed reader that allows users to subscribe to more than one feed and manage the re-visit a site information received through all these feeds, or some software module that reads feeds presenting a steady stream of new content creates the image of a live Web site and embeds them for example in a Web page.
    [Show full text]