Browsing all 20 articles

A REST API for XACML

The wonderful book RESTful Web Services describes a procedure for developing RESTful web services. In this post, we will apply this procedure to XACML. The eXtensible Access Control Markup Language...

LinkedIn Incident Shows Need for SecaaS

Security is a negative feature. What I mean by that is that you will never get kudos for implementing a secure system, but you certainly will get a lot of flak for an insecure system, as the recent...

Behavior-Driven Development (BDD) with JBehave, Gradle, and Jenkins

Behavior-Driven Development (BDD) is a collaborative process where the Product Owner, developers, and testers cooperate to deliver software that brings value to the business. BDD is the logical next...

XACML Vendor: Axiomatics

This is the second in a series of posts where I interview XACML vendors. This time it’s Axiomatics’ turn. Their CTO Erik Rissanen is editor of the XACML 3.0 specification. Why does the world need...

Supporting Multiple XACML Representations

We’re in the process of registering an XML media type for the eXtensible Access Control Markup Language (XACML). Simultaneously, the XACML Technical Committee is working on a JSON format. Both media...

Securing Mobile Java Code

Mobile code is code sourced from remote, possibly untrusted systems, that is executed on your local system. Mobile code is an optional constraint in the REST architectural style. This post...

Is XACML Dead?

XACML is dead. Or so writes Forrester’s Andras Cser. Before I take a critical look at the reasons underlying this claim, let me disclose that I’m a member of the OASIS committee that defines the XACML...

Securing HTTP-based APIs With Signatures

I work at EMC on a platform on top of which SaaS solutions can be built. This platform has a RESTful HTTP-based API, just like a growing number of other applications. With development frameworks like...

How To Implement Input Validation For REST resources

The SaaS platform I’m working on has a RESTful interface that accepts XML payloads. Implementing REST Resources: For a Java shop like us, it makes sense to use JAX-B to generate JavaBean classes from an...

REST 101 For Developers

Local Code Execution: Functions in high-level languages like C are compiled into procedures in assembly. They add a level of indirection that frees us from having to think about memory addresses....

The Decorator Pattern

One design pattern that I don’t see being used very often is Decorator. I’m not sure why this pattern isn’t more popular, as it’s quite handy. The Decorator pattern allows one to add functionality to...

REST Maturity

In 2008, Leonard Richardson published his Maturity Heuristic that classified web services into three levels based on their use of URI, HTTP, and hypermedia. Back then, most web services were stuck at...

RESTBucks Evolved

The book REST in Practice: Hypermedia and Systems Architecture uses an imaginary StarBucks-like company as its running example. I think this is a great example, since most people are familiar with the...

HyperRosetta

The Rosetta stone is a rock with the same text inscribed in three different languages. This allowed us to decipher Egyptian hieroglyphs. In this post I’ll introduce a similar “stone” for hypermedia...

Behavior-Driven RESTful APIs

In the RESTBucks example, the authors present a useful state diagram that describes the actions a client can perform against the service. Where does such an application state diagram come from? Well,...

How To Control Access To REST APIs

Exposing your data or application through a REST API is a wonderful way to reach a wide audience. The downside of a wide audience, however, is that it’s not just the good guys who come looking....

How To Design a REST API

There is a lot of interest in REST APIs these days. Unfortunately, most APIs I see are not very mature. In this post I’d like to share my approach to designing REST APIs: Understand the problem domain...

How To Return Error Details From REST APIs

The HTTP protocol uses status codes to return error information. This facility, while extremely useful, is too limited for many use cases. So how do we return more detailed information? There are...

The State of REST

The S in REST stands for State. Unfortunately, state is an overloaded word. In this post I’ll discuss the two different kinds of state that apply to REST APIs. Applications: The first type of state is...

How To Process Java Annotations

One of the cool new features of Java 8 is the support for lambda expressions. Lambda expressions lean heavily on the FunctionalInterface annotation. In this post, we’ll look at annotations and how to...
