Download Regulating the Synchronous Interaction of Web-Services

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
Document related concepts
no text concepts found
Transcript 
Regulating the Synchronous
Interaction of Web-Services
Constantin Serban
Department of Computer Science
Rutgers University
1
Outline
• Enterprise-wide access control : motivation
• Current approaches and LGI-based solution
• Regulating synchronous communication
– Controlling the request arguments
– Controlling the answer
• Conclusions
2
Enterprise-wide access control
• Enterprises increasingly rely on
heterogeneous collections of web services
– Each WS may have its own server-centric policy
• Question: how does one establish a
communal, enterprise wide policy?
– How to ensure that this policy is complied with
3
Enterprise wide access control
Enterprise policy
WS
WS
4
Communal AC –a Case Study
• Consider a healthcare system composed of
multiple heterogeneous services
maintaining patient records.
• An example of a communal AC policy:
– Doctors can access patient records, in full.
– Researchers can access specified parts of the
records, and they have to pay for it, in
proportion to the volume of data received.
– All accesses to patient records are to be
monitored.
• Such a policy has to be specified at the
enterprise level, and complied with by all
WS and their users
5
Server-Centric AC
Client
Request
Response
Access Server
Control
6
Server-Centric AC
Client
Request
Response
Access Server
Control
• Each server has its own AC policy
• The enforcement of the policy is at the
discretion of the server
7
Communal AC
(XACML & Others)
P
PDP: Policy Decision Point
PEP: Policy Enforcement Point
Client
Request
PDP
PEP
Server
Response
8
Communal AC
(XACML & Others)
P
PDP: Policy Decision Point
PEP: Policy Enforcement Point
Client
Request
PDP
PEP
Server
Response
• The policy can be enterprise wide
• But the enforcement is still at the discretion of the server
• Moreover, it is application-dependent
9
Communal AC
via central Reference Monitor (RM)
Request
Client
P
Server
Response RM
• Carries enterprise-wide policy
• Access control is mandatory
10
Communal AC via central RM
Request
Client
P
Server
Response RM
Client
Client
Server
• Not scalable, and potential bottleneck
11
Communal AC via LGI
Client
P
Req
P
Server
Resp
Controller
Controller
12
Communal AC via LGI
Client
P
Req
P
Server
Resp
Controller
Controller
• Both controllers carry the same policy
• Access control is mandatory, stateful,
fine-grained
13
Types of communication in WS
• Regulation of message exchange using LGI
(previous presentation)
• Significant portion of WS traffic is
synchronous (SOAP-RPC)
• Regulation of synchronous communication
has several peculiar aspects
14
Outline
• Enterprise-wide access control : motivation
• Current approaches and LGI-based solution
• Regulating synchronous communication
– Controlling the request arguments
– Controlling the answer
• Conclusions
15
Regulating synchronous
communication
• Control both the request and the response
• Regulate both at the client side and at the
server side—maintaining state in both
• Sensitive to:
– Request arguments
– Return value
– State, of both client and server; state of the
communication between the request and the
response
• Impose constraints on the communication
protocol: time-outs, load balancing, etc
16
Control over the request
• Purpose
– Specify under what condition a client can make
a certain request to a service
– different than what client can access the
service
• Access control based on:
– Source and target of the request, their state,
the request and its parameters
17
Control over the response
• Control information might be available only
at the time of the response
• The state of both the client and the server
are best updated based on response data
• For other purposes: auditing, accounting,
etc.
18
Response control : Example 1
• A healthcare system provides a generic
service to access a patient’s record.
• Clients can be both doctors and
researchers
• Doctors can access each record in full,
researches can access some of the
information within a record
• Access control scheme can blackout the
sensitive data in a record after the service
responds.
19
Response Example 1(cont’d)
Controller
Client
P
Controller
P
recordAns
------------diagnostic
medication
getRecord(id#)
Server
recordAns
ssn
name
diagnostic
medication
20
Response control : Example 2
• Researchers pay only if a request is
satisfied, and in proportion to the volume
of the data received
• Update the state (token, others…) of the
researcher only if the request was
successful
• Increase/decrease the reputation of the
server
• The answer itself determines the change in
the state of (either, both) server/client
21
Response Example 2(cont’d)
Controller
Client
P
Controller
P
getRecord(id#)
Server
recordAns
decreaseBudget
updateReputation
22
Implementation
• RRMI – Regulated RMI : source level RMI
compatible
– Full stub/skeleton generation
– RRMI Registry fully implemented with LGI
control
– Policies written in Java in a simple, concise
form.
– Good performance : overhead in the order of
few hundreds of micro-s/method call
– Part of a subsequent release of the Moses
platform
• Work in progress: move the protocol to
SOAP
23
Summary
• WS are required to comply to enterprisewide policies
– Several approaches in access control
– LGI control model for WS
• Synchronous interaction of WS
– Stateful and fine grained control
– Control over the reply in synchronous
interaction
24
Related documents
Book Reviews 397 his urinary bladder and the wound, and he
Book Reviews 397 his urinary bladder and the wound, and he
Katie Newhall Synchrony in stochastic pulse-coupled neuronal network models
Katie Newhall Synchrony in stochastic pulse-coupled neuronal network models
DAYLIGHTING CONTROLLER Greengate Models DLC-PDC
DAYLIGHTING CONTROLLER Greengate Models DLC-PDC
P2‐IC‐NLH‐16  NLH 2012 Capital Budget Application  Page 1 of 1 Re:  Project B‐5 Unit 1 and Unit 2 Generator Stator Rewind 
P2‐IC‐NLH‐16  NLH 2012 Capital Budget Application  Page 1 of 1 Re:  Project B‐5 Unit 1 and Unit 2 Generator Stator Rewind 
conflict of interests policy
conflict of interests policy
Anthropological perspectives
Anthropological perspectives
Document
Document
Java Direct Manipulation
Java Direct Manipulation
Electrical Machines-III
Electrical Machines-III
data sheet
data sheet
Game Agents 1
Game Agents 1
Document
Document