regulating the synchronous interaction of web services
Download
Skip this Video
Download Presentation
Regulating the Synchronous Interaction of Web-Services

Loading in 2 Seconds...

play fullscreen
1 / 24

Regulating the Synchronous Interaction of Web-Services - PowerPoint PPT Presentation


  • 77 Views
  • Uploaded on

Regulating the Synchronous Interaction of Web-Services. Constantin Serban Department of Computer Science Rutgers University. Outline. Enterprise-wide access control : motivation Current approaches and LGI-based solution Regulating synchronous communication Controlling the request arguments

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Regulating the Synchronous Interaction of Web-Services' - umika


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
regulating the synchronous interaction of web services

Regulating the SynchronousInteraction of Web-Services

Constantin Serban

Department of Computer Science

Rutgers University

1

outline
Outline
  • Enterprise-wide access control : motivation
  • Current approaches and LGI-based solution
  • Regulating synchronous communication
    • Controlling the request arguments
    • Controlling the answer
  • Conclusions

2

enterprise wide access control
Enterprise-wide access control
  • Enterprises increasingly rely on heterogeneous collections of web services
    • Each WS may have its own server-centric policy
  • Question: how does one establish a communal, enterprise wide policy?
    • How to ensure that this policy is complied with

3

enterprise wide access control1
Enterprise wide access control

Enterprise policy

WS

WS

4

communal ac a case study
Communal AC –a Case Study
  • Consider a healthcare system composed of multipleheterogeneous services maintaining patient records.
  • An example of a communal AC policy:
    • Doctors can access patient records, in full.
    • Researchers can access specified parts of the records, and they have to pay for it, in proportion to the volume of data received.
    • All accesses to patient records are to be monitored.
  • Such a policy has to be specified at the enterprise level, and complied with by all WS and their users

5

server centric ac
Server-Centric AC

Client

Access

Control

Request

Server

Response

6

server centric ac1
Server-Centric AC
  • Each server has its own AC policy
  • The enforcement of the policy is at the discretion of the server

Client

Access

Control

Request

Server

Response

7

communal ac xacml others
Communal AC (XACML & Others)

P

PDP: Policy Decision Point

PDP

PEP: Policy Enforcement Point

Client

PEP

Request

Server

Response

8

communal ac xacml others1
Communal AC (XACML & Others)
  • The policy can be enterprise wide
  • But the enforcement is still at the discretion of the server
  • Moreover, it is application-dependent

P

PDP: Policy Decision Point

PDP

PEP: Policy Enforcement Point

Client

PEP

Request

Server

Response

9

communal ac via central reference monitor rm
Communal ACvia central Reference Monitor (RM)
  • Carries enterprise-wide policy
  • Access control is mandatory

Client

Request

P

Server

Response

RM

10

communal ac via central rm
Communal AC via central RM
  • Not scalable, and potential bottleneck

Client

Request

P

Server

Response

RM

Client

Client

Server

11

communal ac via lgi
Communal AC via LGI

Client

Req

P

P

Server

Resp

Controller

Controller

12

communal ac via lgi1
Communal AC via LGI
  • Both controllers carry the same policy
  • Access control is mandatory, stateful, fine-grained

Client

Req

P

P

Server

Resp

Controller

Controller

13

types of communication in ws
Types of communication in WS
  • Regulation of message exchange using LGI (previous presentation)
  • Significant portion of WS traffic is synchronous (SOAP-RPC)
  • Regulation of synchronous communication has several peculiar aspects

14

outline1
Outline
  • Enterprise-wide access control : motivation
  • Current approaches and LGI-based solution
  • Regulating synchronous communication
    • Controlling the request arguments
    • Controlling the answer
  • Conclusions

15

regulating synchronous communication
Regulating synchronous communication
  • Control both therequestand the response
  • Regulate both at the client side and at the server side—maintaining state in both
  • Sensitive to:
    • Request arguments
    • Return value
    • State, of both client and server; state of the communication between the request and the response
  • Impose constraints on the communication protocol: time-outs, load balancing, etc

16

control over the request
Control over the request
  • Purpose
    • Specify under what condition a client can make a certain request to a service
    • different than what client can access the service
  • Access control based on:
    • Source and target of the request, their state, the request and its parameters

17

control over the response
Control over the response
  • Control information might be available only at the time of the response
  • The state of both the client and the server are best updated based on response data
  • For other purposes: auditing, accounting, etc.

18

response control example 1
Response control : Example 1
  • A healthcare system provides a generic service to access a patient’s record.
  • Clients can be both doctors and researchers
  • Doctors can access each record in full, researches can access some of the information within a record
  • Access control scheme can blackout the sensitive data in a record after the service responds.

19

response example 1 cont d
Response Example 1(cont’d)

Controller

Controller

Client

getRecord(id#)

P

P

Server

recordAns

-------

-------

diagnostic

medication

recordAns

ssn

name

diagnostic

medication

20

response control example 2
Response control : Example 2
  • Researchers pay only if a request is satisfied, and in proportion to the volume of the data received
  • Update the state (token, others…) of the researcher only if the request was successful
  • Increase/decrease the reputation of the server
  • The answer itself determines the change in the state of (either, both) server/client

21

response example 2 cont d
Response Example 2(cont’d)

Controller

Controller

Client

getRecord(id#)

P

P

Server

recordAns

decreaseBudget

updateReputation

22

implementation
Implementation
  • RRMI – Regulated RMI : source level RMI compatible
    • Full stub/skeleton generation
    • RRMI Registry fully implemented with LGI control
    • Policies written in Java in a simple, concise form.
    • Good performance : overhead in the order of few hundreds of micro-s/method call
    • Part of a subsequent release of the Moses platform
  • Work in progress: move the protocol to SOAP

23

summary
Summary
  • WS are required to comply to enterprise-wide policies
    • Several approaches in access control
    • LGI control model for WS
  • Synchronous interaction of WS
    • Stateful and fine grained control
    • Control over the reply in synchronous interaction

24

ad