Skip to main content
SpringerLink
Log in

Flexible Autorisierung in Datenbank-basierten Web Service-Föderationen

Unterstützung von stark und schwach gekoppelten Kollaborationsnetzwerken auf Web Service-Technologie

  • Original Article
  • Published:
Informatik - Forschung und Entwicklung

Zusammenfassung

Die plattformunabhängige und organisationsübergreifende Web Services-Interoperabilität setzt ein leistungsfähiges und flexibles Autorisierungssystem voraus. In diesem Beitrag wird ein Zugriffskontrollsystem vorgestellt, welches sich durch das Zusammenspiel lokaler und verteilter Autorisierung auszeichnet. Im Zusammenhang mit lokaler Zugriffskontrolle, bei der Rechte innerhalb einer Organisation ausgewertet werden, stellt sich insbesondere die Herausforderung, Autorisierungsregeln zu konsolidieren: Da die Funktionalität von Web Services häufig auf weitere Anwendungen und Betriebsmittel wie Datenbanksystemen aufsetzt, ergeben sich Abhängigkeiten bezüglich der Autorisierung, die überprüft und eingehalten werden müssen. Über eine verteilte Zugriffskontrolle wird der Aufbau von Kollaborationsnetzwerken ermöglicht. Der Augenmerk liegt im Folgenden auf schwach gekoppelten Zusammenschlüssen, die die Autonomie der beteiligten Organisationen beibehält. Skalierbarkeit und Effizenz werden durch den Einsatz von rollenbasierter Zugriffskontrolle einerseits und dem Caching ähnlicher, wiederkehrender Autorisierungen andererseits erreicht.

Abstract

Platform-independent and cross-organizational Web services interactions demand for a powerful and flexible access control system. This article presents such a system that relies on the interplay of local and distributed authorization. For the local evaluation of access policies, the verification of policy dependencies is a crucial task, as Web services’ oftentimes rely on the interaction with underlying applications like database systems that perform access control independently. Via distributed authorization, the set-up of collaboration networks is enabled. Thereby, the focus is on loosely coupled networks that preserve the autonomy of authorization of federating organizations. Scalability of collaborations is achieved through a distributed role-based access control model and efficiency is provided by caching repeatedly occurring authorizations.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Literatur

  1. Adamic LA, Huberman BA (2002) Zipf’s Law and the Internet. Glottometrics 3:143–150

    Google Scholar 

  2. Anderson A (2004) XACML Profile for Role Based Access Control RBAC Profile. working draft Version 2.0, OASIS, May 2004

  3. Biskup J, Leineweber T, Parthe J (2003) Administration Rights in the SDSD-System. In: Proceedings of the Seventeenth Annual Working Conference on Database and Application Security, Estes Park, Colorado, United States, August 2003

  4. Cabrera LF, Copeland G, et al. (2002) Web Services Transaction Language (WS-Transaction). http://www-106.ibm.com/developerworks/ webservices/library/ws-transpec/, August 2002

  5. Cabrera LF, Copeland G, et al. (2003) Web Services Atomic Transaction Language (WS-AtomicTransaction). http://www-106.ibm.com/developerworks/ library/ws-atomtran/, September 2003

  6. Castano S, Fugini M, Martella G, Samarati P (1994) Database Security. Addison-Wesley

  7. Cao LY, "Ozsu MT (2002) Evaluation of Strong Consistency Web Caching Techniques. World Wide Web 5(2):95–124

    Google Scholar 

  8. Database access and integration services wg (dais-wg). https://forge.gridforum.org/projects/dais-wg

  9. Freudenthal E, Pesin T, Port L, Keenan E, Karamcheti V (2002) dRBAC: Distributed Role-Based Access Control for Dynamic Coalition Environments. In: Proceedings of the Twenty-second IEEE International Conference on Distributed Computing Systems (ICDCS), Vienna, Austria, pp 411—420, July 2002

  10. Ferraiolo DF, Sandhu R, Gavrila S, Kuhn DR, Chandramouli R (2001) Proposed NIST standard for Role-Based Access Control. ACM Trans Inf Syst Secur 4(3):224–274

    Google Scholar 

  11. Gray C, Cheriton D (1989) Leases: an efficient fault-tolerant mechanism for distributed file cache consistency. In: Proceedings of the twelfth ACM symposium on Operating systems principles. ACM Press, pp 202–210

  12. The Globus Alliance Project Homepage. http://www.globus.org/

  13. Godik S, Moses T, et al. (2003) eXtensible Access Control Markup Language (XACML). http://www.oasis-open.org/committees/ tc_home.php?wg_abbrev=xacml, February 2003

  14. Kahler C, Nadalin A, et al. (2003) Web Services Federation Language (WS-Federation). http://www-106.ibm.com/developerworks/ webservices/library/ws-fed/, July 2003

  15. Keidl M, Seltzsam S, Stocker K, Kemper A (2002) ServiceGlobe: Distributing E-Services across the Internet (Demonstration). In: Proceedings of the International Conference on Very Large Data Bases (VLDB), Hong Kong, China, pp 1047–1050, August 2002

  16. Open grid services architecture – data access and integration (ogsa-dai). http://www.ogsadai.org.uk/

  17. Pearlman L, Foster V, Welch I, Kesselman C, Tuecke S (2002) A Community Authorization Service for Group Collaboration. In: 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY), Monterey, CA, USA. IEEE Computer Society, pp 50–59, June 2002

  18. Seltzsam S, Börzsönyi S, Kemper A (2001) Security for Distributed E-Service Composition. In: Proceedings of the International Workshop on Technologies for E-Services (TES), Lecture Notes in Computer Science (LNCS), vol 2193, Rome, Italy, pp 147–162, September 2001

  19. Wimmer M, Eberhardt D, Ehrnlechner P, Kemper A (2004) Reliable and Adaptable Security Engineering for Database-Web Services. In: Proceedings of the Fourth International Conference on Web Engineering, Lecture Notes in Computer Science (LNCS), vol 3140, Munich, Germany, pp 502–515, July 2004

  20. Wimmer M, Ehrnlechner P, Kemper A (2005) Flexible Autorisierung in Web Service-Föderationen. In: Proceedings of the GI Conference on Database Systems for Business, Technology, and Web (BTW), Karlsruhe, Germany, February 2005

Download references

Author information

Authors and Affiliations

  1. Lehrstuhl für Informatik III, Technische Universität München, Boltzmannstr. 3, 85748, Garching bei München, Deutschland

    Martin Wimmer, Pia Ehrnlechner, Armin Fischer & Alfons Kemper

Authors
  1. Martin Wimmer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pia Ehrnlechner
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Armin Fischer
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Alfons Kemper
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Martin Wimmer.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Wimmer, M., Ehrnlechner, P., Fischer, A. et al. Flexible Autorisierung in Datenbank-basierten Web Service-Föderationen. Informatik Forsch. Entw. 20, 167–181 (2005). https://doi.org/10.1007/s00450-005-0193-9

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00450-005-0193-9

Keywords

Search

Navigation