Skip to content
Licensed Unlicensed Requires Authentication Published by De Gruyter Oldenbourg May 31, 2014

Utilizing architecture models for secure distributed web applications and services

Stefan Wild

Dipl.-Inf. Stefan Wild is a researcher at Technische Universität Chemnitz and member of the chair for Distributed and Self-organizing Systems. Prior to that position, he worked for several years as a software developer at IBM Germany R&D. His research focuses on Trustworthy Social Networks. He is interested in the topics of Identity Management, Crowdsourcing and Social Business Computing.

Technische Universität Chemnitz, Str. der Nationen 62, 09111 Chemnitz, Germany, Tel.: +49-371-53139658, Fax: +49-371-531839658

EMAIL logo
and Martin Gaedke

Prof. Dr.-Ing. Martin Gaedke is Full Professor at the Department of Computer Science at the Technische Universität Chemnitz, and owner of the chair for Distributed and Self-organizing Systems. His research focuses on the Internet of Services, Web Engineering, and Business Agility.

Technische Universität Chemnitz, Str. der Nationen 62, 09111 Chemnitz, Germany, Tel.: +49-371-53125530, Fax: +49-371-53125539

Abstract

Today's Web applications are often compositions of distributed yet interconnected services that offer features and data through defined interfaces via standardized protocols. Providing a set of best practices for organizing and utilizing distributed capabilities, the service-oriented architecture design pattern largely contributed to this trend. To react on emerging customer requirements, using agile methodology for Web application development fits well in this context. While it allows promptly responding to change by adjusting the Web application architecture, security must be applied as a holistic approach throughout the entire Web application's lifecycle. There is a need for a flexible, expressive and easy-to-use way to model a Web application's architecture with a strong emphasis on security. This article discusses our work on extending the WebComposition Architecture Model towards a semantically enriched description of a Web application's architecture. For enabling systematic exploitation of such architecture descriptions, we utilize W3C's WebID identity mechanism, the WAC authorization method, and fine-grained filters. We explain how WebID can be applied to allow Web services to mutually authenticate and exchange data, e. g., interface definitions and service parameters, in a controlled way.

About the authors

Stefan Wild

Dipl.-Inf. Stefan Wild is a researcher at Technische Universität Chemnitz and member of the chair for Distributed and Self-organizing Systems. Prior to that position, he worked for several years as a software developer at IBM Germany R&D. His research focuses on Trustworthy Social Networks. He is interested in the topics of Identity Management, Crowdsourcing and Social Business Computing.

Technische Universität Chemnitz, Str. der Nationen 62, 09111 Chemnitz, Germany, Tel.: +49-371-53139658, Fax: +49-371-531839658

Martin Gaedke

Prof. Dr.-Ing. Martin Gaedke is Full Professor at the Department of Computer Science at the Technische Universität Chemnitz, and owner of the chair for Distributed and Self-organizing Systems. His research focuses on the Internet of Services, Web Engineering, and Business Agility.

Technische Universität Chemnitz, Str. der Nationen 62, 09111 Chemnitz, Germany, Tel.: +49-371-53125530, Fax: +49-371-53125539

Received: 2013-9-28
Accepted: 2014-4-4
Published Online: 2014-5-31
Published in Print: 2014-6-28

©2014 Walter de Gruyter Berlin/Boston

Downloaded on 31.1.2023 from https://www.degruyter.com/document/doi/10.1515/itit-2013-1031/html
Scroll Up Arrow