Role-Based Access Control Models
Computer
Supporting relationships in access control using role based access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Corba security: an introduction to safe computing with objects
Corba security: an introduction to safe computing with objects
Mastering Web Services Security
Mastering Web Services Security
Object Security Attributes: Enabling Application-Specific Access Control in Middleware
On the Move to Meaningful Internet Systems, 2002 - DOA/CoopIS/ODBASE 2002 Confederated International Conferences DOA, CoopIS and ODBASE 2002
A Resource Access Decision Service for CORBA-Based Distributed Systems
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
The Authorization Service of Tivoli Policy Director
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Designing Software for Ease of Extension and Contraction
IEEE Transactions on Software Engineering
CBSE in small and medium-sized enterprise: experience report
CBSE'06 Proceedings of the 9th international conference on Component-Based Software Engineering
Hi-index | 0.00 |
This report reflects, from a software engineering perspective, on the experience of designing and implementing protection mechanisms for ASP.NET Web services. The limitations of Microsoft ASP.NET container security mechanisms render them inadequate for hosting enterprise-scale applications that have to be protected according to diverse and/or complex application-specific security policies. In this paper we report on our experience of designing and implementing a component-based architecture for protecting enterprise-grade Web service applications hosted by ASP.NET. Due to its flexibility and extensibility, this architecture enables the integration of ASP.NET into the organizational security infrastructure with less effort by Web service developers. The architecture has been implemented in a real-world security solution. This paper also contributes a best practice on constructing flexible and extensible authentication and authorization logic for Web services by using Resource Access Decision and Attribute Function (AF) architectural styles. Furthermore, the lessons learned from our design and implementation experiences are discussed throughout the paper.