Design Of A Security Mechanism For Restful Web Service Communication Through Mobile Clients

Security is not taken into account by default in the Representational State Transfer (REST) architecture, but its layered architecture provides many opportunities for implementing it. In this paper, a security mechanism for Web Service communication through mobile clients devices is proposed, that conforms to the REST architecture as much as possible. This approach has been inspired by some known security mechanisms, but implemented in such a way that it focusses on statelessness and aims to be lightweight. Results indicate that the custom security mechanism outperforms the Transport Layered Security (TLS) based system. Because of the genericness of REST, the proposed security mechanism can be adopted by a wide variety of other RESTful Web Services.