{"title":"n层系统中的身份传播","authors":"Anil C Patel, M. McRoberts, Melissa Crenshaw","doi":"10.1109/MILCOM.2009.5379926","DOIUrl":null,"url":null,"abstract":"While SOA promises great benefits in productivity and flexibility, the tools for securing these systems continue to lag behind. The ideal of SOA security is to provide trusted containers and frameworks that enforce policies established during deployment, and remove security logic and policy from application code completely. Standards such as WS-Security address some of the issues, but enterprise systems don't stop and start with web services. In an N-tier the user is authenticated at the client platform, and this authentication will ultimately determine access to resources in back-end data stores. The challenge is to create a framework for the end-to-end propagation of user credentials across N-tiers, which doesn't rely on custom security code within applications. This paper will describe a working prototype framework that propagates user credentials through web application, web service and database tiers, and applies label-based access control (LBAC) policies within the database. The paper will also outline known gaps in web and SOA standards, and directions for future work.","PeriodicalId":338641,"journal":{"name":"MILCOM 2009 - 2009 IEEE Military Communications Conference","volume":"190 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Identity propagation in N-tier systems\",\"authors\":\"Anil C Patel, M. McRoberts, Melissa Crenshaw\",\"doi\":\"10.1109/MILCOM.2009.5379926\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"While SOA promises great benefits in productivity and flexibility, the tools for securing these systems continue to lag behind. The ideal of SOA security is to provide trusted containers and frameworks that enforce policies established during deployment, and remove security logic and policy from application code completely. Standards such as WS-Security address some of the issues, but enterprise systems don't stop and start with web services. In an N-tier the user is authenticated at the client platform, and this authentication will ultimately determine access to resources in back-end data stores. The challenge is to create a framework for the end-to-end propagation of user credentials across N-tiers, which doesn't rely on custom security code within applications. This paper will describe a working prototype framework that propagates user credentials through web application, web service and database tiers, and applies label-based access control (LBAC) policies within the database. The paper will also outline known gaps in web and SOA standards, and directions for future work.\",\"PeriodicalId\":338641,\"journal\":{\"name\":\"MILCOM 2009 - 2009 IEEE Military Communications Conference\",\"volume\":\"190 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-10-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"MILCOM 2009 - 2009 IEEE Military Communications Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MILCOM.2009.5379926\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"MILCOM 2009 - 2009 IEEE Military Communications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MILCOM.2009.5379926","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
While SOA promises great benefits in productivity and flexibility, the tools for securing these systems continue to lag behind. The ideal of SOA security is to provide trusted containers and frameworks that enforce policies established during deployment, and remove security logic and policy from application code completely. Standards such as WS-Security address some of the issues, but enterprise systems don't stop and start with web services. In an N-tier the user is authenticated at the client platform, and this authentication will ultimately determine access to resources in back-end data stores. The challenge is to create a framework for the end-to-end propagation of user credentials across N-tiers, which doesn't rely on custom security code within applications. This paper will describe a working prototype framework that propagates user credentials through web application, web service and database tiers, and applies label-based access control (LBAC) policies within the database. The paper will also outline known gaps in web and SOA standards, and directions for future work.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
