Abstract
In the past ten years Web Services have positioned themselves to be one of the leading
distributed technologies. The technology, supported by major IT companies, offers
specifications to many challenges in a distributed environment like strong interface and
message contacts, service discovery, reliable message exchange and advanced security
mechanisms. On the other hand, all these specifications have made Web Services very
complex and the industry is struggling to implement those in a standardized manner.
REST based services, also known as RESTful services, are based on pure HTTP and
have risen as competitors to Web Services, mainly because of their simplicity. Now they are
being adopted by the majority of the big industry corporations including Microsoft, Yahoo
and Google, who have deprecated or passed on Web Services in favor of RESTful services.
However, RESTful services have been criticized for lacking functionality offered by Web
Services, especially message-level security. Since security is an important functionality which
may tip the scale in a negative direction for REST based services, this thesis proposes a
prototype solution for message-level security for RESTful services. The solution is for the
most part technical and utilizes well-known, cross-platform mechanisms which are composed
together while a smaller part of the solution discusses a non-technical approach regarding the
token distribution. During the development of the prototype, much of the focus was to adapt
the solution according to the REST principals and guidelines, such are multi-format support
(XML or JSON) and light-weight, human readable messages.