Abstract:
Representational state transfer service(RESTful service) has gained widespread acceptance as a simpler alternative to SOAP/WS-\+*Web services. Acknowledging the hypermedia nature of RESTful service, the response of the RESTful usually contains links that can be used as the engine to fire new resource request. The complex internal state transitions in the service request/response process can lead to bigger privacy risks. How to accurately depict privacy actions in this dynamic interactive context driven by the hypermedia is one fundamental issue in RESTful service privacy protection research. In this paper we present a RESTful application state privacy model based on single-event finite automaton and discuss the automatical transformation method from RESTful service description to that formal model. We establish the privacy action meta-model to depict the atomic privacy action with accurate semantics and formally define some kernel elements of RESTful service and the relationship among them. We then discuss how to transform the RESTful service resources to the corresponding privacy actions. In addition, we propose a new data structure called resource link mapping tree to represent the relationship between the RESTful service resources and links. A transformation method based on the resource link mapping tree is introduced to generate the corresponding privacy actions from the RESTful service definition and further generate the formal single-event automata with the algorithm considering both protocol links and hypermedia links. We finally use a case-study of e-Bay “add to watch list” service and the experiments based on our prototype tools to show the feasibility of our approach.