
it - Information Technology

Methods and Applications of Informatics and Information Technology

Editor-in-Chief: Conrad, Stefan

Volume 56, Issue 3


Utilizing architecture models for secure distributed web applications and services

Stefan Wild / Martin Gaedke
Published Online: 2014-05-31 | DOI: https://doi.org/10.1515/itit-2013-1031


Today's Web applications are often compositions of distributed yet interconnected services that offer features and data through defined interfaces via standardized protocols. Providing a set of best practices for organizing and utilizing distributed capabilities, the service-oriented architecture design pattern largely contributed to this trend. To react to emerging customer requirements, using agile methodology for Web application development fits well in this context. While it allows promptly responding to change by adjusting the Web application architecture, security must be applied as a holistic approach throughout the entire Web application's lifecycle. There is a need for a flexible, expressive and easy-to-use way to model a Web application's architecture with a strong emphasis on security. This article discusses our work on extending the WebComposition Architecture Model towards a semantically enriched description of a Web application's architecture. For enabling systematic exploitation of such architecture descriptions, we utilize W3C's WebID identity mechanism, the WAC authorization method, and fine-grained filters. We explain how WebID can be applied to allow Web services to mutually authenticate and exchange data, e.g., interface definitions and service parameters, in a controlled way.

Keywords: ACM CCS→Security and privacy→Software and application security→Web application security; ACM CCS→Software and its engineering→Software notations and tools→System description languages→System modeling languages; Architecture description languages; Social network security and privacy; Software evolution

About the article

Stefan Wild

Dipl.-Inf. Stefan Wild is a researcher at Technische Universität Chemnitz and member of the chair for Distributed and Self-organizing Systems. Prior to that position, he worked for several years as a software developer at IBM Germany R&D. His research focuses on Trustworthy Social Networks. He is interested in the topics of Identity Management, Crowdsourcing and Social Business Computing.

Technische Universität Chemnitz, Str. der Nationen 62, 09111 Chemnitz, Germany, Tel.: +49-371-53139658, Fax: +49-371-531839658

Martin Gaedke

Prof. Dr.-Ing. Martin Gaedke is Full Professor at the Department of Computer Science at the Technische Universität Chemnitz, and owner of the chair for Distributed and Self-organizing Systems. His research focuses on the Internet of Services, Web Engineering, and Business Agility.

Technische Universität Chemnitz, Str. der Nationen 62, 09111 Chemnitz, Germany, Tel.: +49-371-53125530, Fax: +49-371-53125539

Accepted: 2014-04-04

Received: 2013-09-28

Published Online: 2014-05-31

Published in Print: 2014-06-28

Citation Information: it - Information Technology, Volume 56, Issue 3, Pages 112–118, ISSN (Online) 2196-7032, ISSN (Print) 1611-2776, DOI: https://doi.org/10.1515/itit-2013-1031.


©2014 Walter de Gruyter Berlin/Boston.
