A Framework for Obligation Fulfillment in REST Services

An Obligation is an expression of non-functional or cross-cutting requirements, the scope of which transcends any specific service, but for which the service bears an enforcement responsibility. Example use cases include regulations imposed on handling of Electronic Health Records. We describe the concept of an Obligation, provide example use cases, and then define a general design pattern for when a REST developer should consider their use. We then describe a proof-of-concept implementation that extends the Spring Security framework to support the assertion of Obligations within a RESTful service deployment. This extension may be used to inject a range of Obligation behaviors into a REST service during the design, deployment, and post deployment phases. Our prototype is compatible with the XACML 3.0 core standard.