Access control in the AquaLogic Data Services Platform

  • Authors:
  • Vinayak Borkar;Michael Carey;Daniel Engovatov;Dmitry Lychagin;Panagiotis Reveliotis;Joshua Spiegel;Sachin Thatte;Till Westmann

  • Affiliations:
  • University of California, Irvine, Irvine, CA, USA;University of California, Irvine, Irvine, CA, USA;Stanford University, Stanford, CA, USA;Oracle Corporation, Redwood City, CA, USA;BEA Systems Inc, San Jose, CA, USA;Oracle Corporation, Redwood City, CA, USA;Oracle Corporation, Redwood City, CA, USA;SAP AG, Heidelberg, Germany

  • Venue:
  • Proceedings of the 2009 ACM SIGMOD International Conference on Management of data
  • Year:
  • 2009

Quantified Score

Hi-index 0.02

Abstract

The AquaLogic Data Services Platform (ALDSP) is a middleware platform for building data services that integrate and provide operations over data drawn from multiple heterogeneous information sources. A data service consists of an XML Schema instance, describing its information content, and a collection of XQuery functions and procedures that comprise its set of operations. This paper describes access control in ALDSP. We describe ALDSP's securable resource hierarchy, its fine-grained access control capabilities for securing portions of data service schemas, how XQuery can be used to specify data-driven security policies, and how user identity mapping is supported. We then provide an in-depth overview of how ALDSP works, including implementation techniques to keep access control checking from interacting badly with view rewriting, query optimization, and caching.