Development of a meta-model for categorizing Web-APIs.
Today, many web services offer a separate interface in the form of a Web-API that enables data exchange and the consumption of remote services. However, managing the security aspects of these interfaces is often complex and opaque. Considering the role of Web-APIs as a cornerstone and driver of the modern Internet and of cross-domain transactions, it is necessary to reconsider how the underlying security features and data models applied in cross-domain communication are modeled.
In the course of previous projects, A-SIT has already researched the application of diverse authorization models to cloud services (post secure integration in the cloud), which later enabled the development of a multifunctional conceptual and software framework (post multidimensional security policies). In the scope of this project, we extend the framework and implement new concepts that enable machine-understandable structuring of different categories of Web-APIs. The primary goal of this work is to advance the security management of API-related transactions. In the first iteration, we investigated 20 APIs from 7 different product categories. Following the analysis, the initial concepts from the previous projects were extended and implemented as part of an extended framework.