Skip to Main Content
Web service security is essential for SOA-based applications. Based on the analysis of the two existing authentications of REST-style Web services, Basic HTTP Authentication and HTTP Digest Authentication, we propose an extended UsernameToken-based approach for REST-style Web service. In this approach, the WS-Security UsernameToken and secondary password are added into the HTTP header. By this way, the approach allows service providers to define their own authentication which makes up for the disadvantages of the current security aspect of REST-style Web services, especially when Basic HTTP Authentication and HTTP Digest Authentication are not applicable. Analysis shows that the approach implements the REST-style Web service security effectively.