The Research And Development Of Light RESTful Web Service Security Protocol In Mobile Platform

Compared with traditional Web Service, RESTful Web Service is lighter and it is more suitable for development in mobile platform. But there is not a security protocol which suit RESTful Web Service till now properly.WS-Security cannot be used in RESTful Web Service because it is based on SOAP. HTTPS, SSL/TLS cannot fulfill security service of end-to-end and configuration.In this paper, we design a light RESTful Web Service security protocol--Rest-ful-Security learned from WS-Security. Realized the core codes about Restful-Security en-gine, and test it in mobile environment. The work in this paper includes:1、Restful-Security protocol designWS-Security is a protocol framework. Its design considered policy language description capability fully, compatible issue with different infrastructures and standards. Our Rest-ful-Security is much simple to access and realized.2、Restful-Security engine realizedEngine has two parts in deployment perspective:Android Client and server. It has pol-icy file parse and HTTP analysis in function perspective. Finally it realized authentication, integrity and confidentiality about RESTful Web Service.3、Test ProtocolWe have setup test environment for RESTful Web Service communication in mobile platform, and design test cases. Compared Restful-Security and WS-Security according to serveral small examples has been finished.