Security Engineering for Web Services
Motivation
Security is a central concern of any distributed system.
In the area of Web services, several new approaches to
authentication and authorization exist, among them WS-Security and its follow-up
standards, as well as SAML and XACML. The focus of our research lies
on reliable and adaptable security engineering, especially authorization, for services that
interact with databases, which applies to the predominant majority of today's
e-services. For database systems, the common authorization
techniques are discretionary access control (DAC), mandatory access control
(MAC) and role-based access control (RBAC). Inconsistencies are likely to
arise if the access control of a Web service is designed without regard to
the authorization policies of the underlying databases. We developed an
approach to bridge the gap between DBMS authorization and access control for
Web services. A Web service policy is designed reliably if its access control
is supported by the policies of the respective database system(s); this
relationship can be verified automatically. Current research topics concern
the distributed evaluation of policies, that is, privileges can be delegated
to other entities, especially across administrative domains.
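The following is an added illustration of the consistency check sketched above; it is not ServiceGlobe code and the data model is an assumption. It models the database side as RBAC grants with a role hierarchy and the Web service side as operations with permitted roles and required DBMS privileges, then reports every role the service policy admits that the database policy does not support.

```python
# Added example, not the project's own code. Assumed model: DBMS RBAC grants
# (role -> {(table, privilege)}) plus a role hierarchy, and a Web service
# policy listing, per operation, the roles allowed to invoke it and the DBMS
# privileges the operation needs. The WS policy is "supported" by the DBMS
# policy when every allowed role holds every required privilege.
from dataclasses import dataclass, field


@dataclass
class DbRbac:
    grants: dict                                    # role -> set of (table, privilege)
    hierarchy: dict = field(default_factory=dict)   # role -> set of inherited roles

    def effective(self, role, seen=None):
        """Privileges of a role including those inherited through the hierarchy."""
        if seen is None:
            seen = set()
        if role in seen:            # guard against cyclic hierarchies
            return set()
        seen.add(role)
        privs = set(self.grants.get(role, ()))
        for parent in self.hierarchy.get(role, ()):
            privs |= self.effective(parent, seen)
        return privs


@dataclass
class WsOperation:
    name: str
    allowed_roles: set          # roles the Web service policy admits
    required_privs: set         # (table, privilege) pairs the operation needs


def find_inconsistencies(db, operations):
    """Return (operation, role, missing privileges) for every case where the
    Web service policy grants more than the underlying DBMS policy supports."""
    problems = []
    for op in operations:
        for role in sorted(op.allowed_roles):
            missing = op.required_privs - db.effective(role)
            if missing:
                problems.append((op.name, role, missing))
    return problems


# Constructed sample policies: 'clerk' may only read orders; 'manager' inherits
# from 'clerk' and may additionally update orders and read customers.
DB = DbRbac(
    grants={"clerk": {("orders", "SELECT")},
            "manager": {("orders", "UPDATE"), ("customers", "SELECT")}},
    hierarchy={"manager": {"clerk"}},
)
OPS = [
    WsOperation("getOrder", {"clerk", "manager"}, {("orders", "SELECT")}),
    WsOperation("cancelOrder", {"clerk", "manager"},
                {("orders", "SELECT"), ("orders", "UPDATE")}),
]
```

Running `find_inconsistencies(DB, OPS)` flags `cancelOrder` for `clerk`, whose DBMS role lacks `UPDATE` on `orders`, which is exactly the kind of uncorrelated design the text warns about.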
Current status
The project is based upon the ServiceGlobe system.
The described techniques are implemented as a prototype.
Currently, distributed policy enforcement is being evaluated, and further
effort is being made on supporting the generation of services together with
their authorization policies.