• DocumentCode
    241300
  • Title

    Distributed authorization in complex multi entity-driven API ecosystems

  • Author

    Thatmann, Dirk

  • Author_Institution
    Telekom Innovation Labs., Tech. Univ. Berlin, Berlin, Germany
  • fYear
    2014
  • fDate
    15-17 Dec. 2014
  • Firstpage
    1
  • Lastpage
    9
  • Abstract
    In certain business sectors adapting to modern and cost reducing technologies and service models can be still a challenge. This especially applies for health care related SME, such as hospitals, where cost reduction runs counter the need of being compliant to legal regulations and where the access control has to struggle against a diverse landscape of health care equipment accompanied by dynamic and complex role models. Outsourcing data storage and data processing seems not to reduce the complexity, rather bears the risks of reduced data availability, loss or abuse of data and can increase legal compliance risks and concerns. Since this applies for many SMEs, a common platform, such as an ecosystem, can help to lower the entrance barrier by regaining helpful management functionalities, standardized basic services and therefore push the adoption to modern cost reducing service consumption scenarios. In this paper a generic design pattern for realizing distributed authorization in an API ecosystem is presented. The pattern is applied within a research project, which aims to develop an ecosystem for trading and consuming services within demanding business sectors and reduce lock-in effects for both, service providers and consumers. The concept of Distributed Authorization is applied in a new complex multi entity use-case, where access policies for RESTful APIs can be designed flexible under consideration of service providers´ and consumers´ requirements which are enforced by a central trusted 3rd party provider.
  • Keywords
    application program interfaces; authorisation; API ecosystem; SME; access control; complex multientity-driven API ecosystems; data processing; distributed authorization; generic design pattern; health care equipment; hospitals; outsourcing data storage; trading; Authorization; Contracts; Ecosystems; Logic gates; Monitoring; Servers;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Signal Processing and Communication Systems (ICSPCS), 2014 8th International Conference on
  • Conference_Location
    Gold Coast, QLD
  • Type

    conf

  • DOI
    10.1109/ICSPCS.2014.7021072
  • Filename
    7021072