Authentication Ontology

Authentication of Web APIs has three main characteristics: 1) the required credentials, 2) the authentication protocol used, and 3) the way the authentication information is sent. These are described as three classes in the proposed authentication ontology, namely Credentials, AuthenticationMechanism and TransmissionMedium respectively. The ontology is shown below. The AuthenticationMechanism class has six subclasses corresponding to six common types of authentication mechanism. AuthenticationMechanism should be associated with the concept of either Service or Operation through the hasAuthenticationMecahsism property.

It relates to Credentials and TransmissionMedium through the properties hasInputCredentials and wayofSendingInformation respectively. The Credentials class has a number of subclasses, including APIKey, Username and Password, required by different authentication mechanisms. TransmissionMedium has three instances (ViaHTTPHeader, viaHTTPbody and ViaURI), which describe whether the credentials are sent in an HTTP header, in the HTTP body, or only in the URI.

Authentication Mechanisms

The authentication mechanisms used by most Web APIs are differentiated by the authentication credentials used (e.g. an API key, or a username and password), by the transmission security protocol (HTTP Basic Authentication, HTTP Digest Authentication and OAuth), or by a combination of the two. In the authentication ontology they are classified into the following six types, which are described as RDF(S) classes.

Figure: Authentication Ontology

Association of Authentication Ontology with Service Ontology

The authentication ontology is intended to extend a service description with authentication information simply by attaching it to the service and operation elements. One of its design principles, among others, is not to be bound to any particular Web API description model; hence the Service and Operation classes have no namespace, because they serve as placeholders that can be replaced by the service and operation elements of any Web API model, not necessarily the service ontology proposed here. In this way the ontology can be used as an extension to existing formalisms while remaining independent of them. The extension of the authentication ontology to a service model is defined as follows: the Service class of the service model relates, through the requiresAuthentication property, to the ServiceAuthentication class, which has three instances, All, Some and None, indicating that the service requires authentication for all of its operations, for only some of them, or for none of them. These values can be stated explicitly or deduced by reasoning over the operation annotations. The Service or Operation class is related to the AuthenticationMechanism class through the hasAuthenticationMecahsism property.
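As an added example (not part of the original ontology or its tooling), the following Python deduces the ServiceAuthentication value (All, Some, None) from the operation annotations and checks it against an explicitly stated requiresAuthentication value, so that a service advertised as fully authenticated but carrying an unannotated operation is flagged. The triple store, the prefixes, the sample service and the service-to-operation property hasOperation are all constructed assumptions; the page names no namespace and no such property.

```python
# Minimal RDF-style triple store: a set of (subject, predicate, object) tuples.
# Runs offline, no external libraries.

# Assumed prefixes; the page gives no namespace, and Service/Operation are
# deliberately namespace-free placeholders.
AUTH = "auth:"
SVC = "svc:"

# Property and instance names as given on the page (spelling kept as-is).
HAS_MECHANISM = AUTH + "hasAuthenticationMecahsism"
HAS_INPUT_CREDENTIALS = AUTH + "hasInputCredentials"
WAY_OF_SENDING = AUTH + "wayofSendingInformation"
REQUIRES_AUTH = AUTH + "requiresAuthentication"
ALL, SOME, NONE = AUTH + "All", AUTH + "Some", AUTH + "None"
# Assumed: the service-to-operation link; the page does not name this property.
HAS_OPERATION = SVC + "hasOperation"

# Constructed sample: one service, three operations, only two of them annotated.
TRIPLES = {
    (SVC + "PhotoService", HAS_OPERATION, SVC + "listPhotos"),
    (SVC + "PhotoService", HAS_OPERATION, SVC + "uploadPhoto"),
    (SVC + "PhotoService", HAS_OPERATION, SVC + "deletePhoto"),
    (SVC + "PhotoService", REQUIRES_AUTH, ALL),  # explicit (and wrong) claim
    (SVC + "uploadPhoto", HAS_MECHANISM, AUTH + "keyMech"),
    (SVC + "deletePhoto", HAS_MECHANISM, AUTH + "keyMech"),
    (AUTH + "keyMech", HAS_INPUT_CREDENTIALS, AUTH + "APIKey"),
    (AUTH + "keyMech", WAY_OF_SENDING, AUTH + "ViaHTTPHeader"),
}

def objects(triples, subject, predicate):
    """All objects of triples with the given subject and predicate."""
    return {o for (s, p, o) in triples if s == subject and p == predicate}

def infer_service_authentication(triples, service):
    """Deduce All / Some / None from the operations' mechanism annotations."""
    ops = objects(triples, service, HAS_OPERATION)
    if not ops:
        return None  # nothing to reason over
    secured = {op for op in ops if objects(triples, op, HAS_MECHANISM)}
    if secured == ops:
        return ALL
    return SOME if secured else NONE

def check_requires_authentication(triples, service):
    """Return (explicit, inferred, consistent) for one service."""
    explicit = objects(triples, service, REQUIRES_AUTH)
    stated = next(iter(explicit)) if explicit else None
    inferred = infer_service_authentication(triples, service)
    return stated, inferred, (stated is None or stated == inferred)

def describe_mechanism(triples, mechanism):
    """Credentials and transmission medium attached to one mechanism."""
    return (sorted(objects(triples, mechanism, HAS_INPUT_CREDENTIALS)),
            sorted(objects(triples, mechanism, WAY_OF_SENDING)))

if __name__ == "__main__":
    print(check_requires_authentication(TRIPLES, SVC + "PhotoService"))
    print(describe_mechanism(TRIPLES, AUTH + "keyMech"))
```

On the sample data the explicit value All disagrees with the inferred Some, because listPhotos carries no mechanism annotation; adding one makes the check pass.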