Sciweavers

ICWE
2004
Springer

Reliable and Adaptable Security Engineering for Database-Web Services

14 years 5 months ago
Reliable and Adaptable Security Engineering for Database-Web Services
The situation in engineering security for Web services that access databases is as follows: On the one hand, specifications like WSSecurity are concerned with the security management for Web services, while on the other hand there exist well established mechanisms for access control in the area of commercial database systems. In handling security for services that rely on database systems, two extreme approaches can currently be observed: The more database-centric one, where the access control decisions are left to the DBMS, and the service-centric authorization approach. The service-centric approach requires a Web service to run under control of the database system provider as operations like queries and updates have to be executed with comprehensive privileges. Authorization has to be enforced by the service itself. In case access control policies of a service are defined independently with regard to the database policies, authorization mismatches are likely to be induced. In our n...
Martin Wimmer, Daniela Eberhardt, Pia Ehrnlechner,
Added 02 Jul 2010
Updated 02 Jul 2010
Type Conference
Year 2004
Where ICWE
Authors Martin Wimmer, Daniela Eberhardt, Pia Ehrnlechner, Alfons Kemper
Comments (0)