摘要
REST架构提供了统一的接口和资源定位,简化了Web服务接口的设计和实现,降低了Web服务的复杂度。同时由于REST是无状态的,其安全访问控制也是需要解决的关键问题之一。针对REST接口的访问控制问题,设计了一种身份认证方法。该方法利用基于摘要的认证思想,以UTC时间和客户端IP地址为认证因子,其中客户端IP地址是客户端从服务器端获取的资源数据。与已有的安全访问控制机制相比,该方法易于实现,易于部署,易于使用,可以有效防止重放攻击、截取攻击和篡改攻击。
REST architecture provides a unified interface and resource location,simplifies the design and implementation of web service interface,and reduces the complexity of web services.At the same time,because REST is stateless,its security access control is also one of the key problems to be solved.Aiming at the problem of access control in REST interface,an identity authentication method is designed.Based on the idea of digest authentication,this method takes UTC time and client IP address as authentication factors,and the client IP address is the resource data that the client obtains from the server.Compared with the existing secure access control mechanisms,this method is easy to implement,deploy and use,and can effectively prevent replay attacks,interception attacks and tampering attacks.
作者
黄世中
HUANG Shi zhong(Institute of Applied Mathematics,Hebei Academy of Sciences,Shijiazhuang 050081,China;Hebei Authentication Technology Engineering Research Center,Shijiazhuang 050081,China)
出处
《电子设计工程》
2020年第9期18-21,26,共5页
Electronic Design Engineering
基金
河北省科学院科技攻关项目(18605)。
