Hecate, Managing Authorization with RESTful XML


Published on

WS-REST 2011.
Second International Workshop on RESTful Design.
Chairs: Cesare Pautasso, Erik Wilde, Rosa Alarcon.
Security Session. Sebastian Graf, Vyacheslav Zholudev, Lukas Lewandowski and Marcel Waldvogel.


  1. Hecate, Managing Authorization with RESTful XML
     Sebastian Graf, Vyacheslav Zholudev, Lukas Lewandowski, and Marcel Waldvogel
     Distributed Systems Group, University of Konstanz & School of Engineering and Science, Jacobs University
     Sunday, March 27, 2011
  2. Problem Statement
     How can authorization on RESTful resources be performed under the following constraints?
     1. Variability of resources must be kept!
     2. Different permissions must be offered for the same resource!
     3. The extensibility of the framework must be ensured!
  3. Schema of Architecture
     [Figure: the Hecate Authorization Framework, containing the user model and the PXD, sits between Requests & Responses and the Resources. Example resources shown: a "lecture" record (start, end, topic), a person record (firstname, lastname), an XML <house>/<floor> document, and floors 1 to 4.]
  4. User Model
     ‣ Simple mapping of concrete to rules on the
     ‣ Represented as a simple table

     Table 1: User Permissions
     user-id    rule-ids
     john.doe   13
     jane.doe   12 13
     ...        ...

     Paper excerpt shown behind the slide:
     • rule-nodes: Each rule-node represents one specific permission. This permission is bound to one specific resource over the uri-attribute. Even if this attribute is mandatory, it should not be used for unique identification since multiple rules can map on the same URI allowing different operations. For unique identification of rules, an id-attribute is included within each rule linking the user model to the PXD. The users permission
  5. Permission XML Model (PXD)
     ‣ XML-based definition of operations mapped to resources
     ‣ Representing rules and their mapping to
       ✴ HTTP-functionalities
       ✴ Resources
       ✴ (Optional resource aware filters)
  6. 4 Properties of PXD
     1. One URI can be guarded by multiple rules
     2. Each rule maps to one HTTP-Verb
     3. Resource-awareness is possible
     4. The representation of the resource is independent of the PXD
  7. PXD Example

     Listing 2: XML Fragment denoting read access only

          <resources>
            <rule id="12" perm_id="22"
                  uri="http://house/floor/4"/>
            <rule id="13" perm_id="23"
                  uri="http://house/floor/4"/>
            ...
            <data uri="http://house/floor/4">
              <content>
                /house/floor[@id=4]
              </content>
            </data>
            ...
            <filter id="43">
              <link>
                /house/floor[@id=4]//lamps
              </link>
            </filter>
            <perm id="22" filter_id="43"
                  verb="get"/>
            <perm id="23" verb="get"/>
          </resources>

     Based on this example, List. 2 shows the PXD mapping the data of List. 1. As clearly visible, two different rules are mapping the denoted resource. While rule “13” allows the retrieval of all data from the 4th floor, rule “12” filters the same resource by only returning lamps-nodes.

     [Figure: PXD structure diagram with the nodes rule, perm, filter and data and the attributes @id, @uri, @perm_id and @filter_id.]

     Table 1: User Permissions
     user-id    rule-ids
     john doe   13
     jane doe   12 13
     ...        ...
  8. Workflow of Authorization
     [Flowchart:]
     1. Receiving Request
     2. Get IDs of user model related to credentials
     3. IDs found? No: Returning 403 (forbidden)
     4. Yes: Get rules matching the URI, the REST verb and the IDs
     5. Nodes found? No: Returning 403 (forbidden)
     6. Yes: Checking optional filter for matching permission
     7. Filter available? Yes: Applying filter on either request or result and returning result
     8. No: Forwarding request and returning result
  9. Resource-aware filtering
     ‣ Optional
     ‣ Bound to the requesting resource
       ✓ Kind
       ✓ Content
       ✓ Filter possibilities
     ‣ Flexible mapping to HTTP-Verbs
  10. XML Example

      Listing 1: A resource before modifying

          <house>
            <floor id="1">
              <room>
                ...
                <lamps>
                  <lamp status="OFF" id="1.1"/>
                  <lamp status="OFF" id="1.2"/>
                </lamps>
              </room>
            </floor>
            ...
            <floor id="4">
              <room>
                ...
                <lamps>
                  <lamp status="OFF" id="4.1"/>
                  <lamp status="OFF" id="4.2"/>
                </lamps>
              </room>
            </floor>
          </house>

      Paper excerpt shown behind the slide:
      3. XML-BASED RESOURCES
      Since XML offers flexible adaption as well as enriched toolsets, multiple non-REST-aware resources are encapsulated in XML for convenience reasons[16]. Therefore we chose XML as the base for a real world example including resource-aware filtering.
      Listing 1 shows an example representing a house. The structure is partitioned into multiple floors including rooms, doors and lamps. Such an example could represent an abstract resource related to the Web of Things paradigm where different “things” are simply encapsulated into XML.
  11. XML Example (same content as slide 10)
  12. Read Requests
      HTTP-REQUEST: GET john.doe:secretpass@http://house/floor4
      RESOURCE: http://house/
      XPath: /house[./floor/@id=4]//lamps/*
      RESPONSE: PERMITTED DATA (lamps, lamp, lamp)
      [Figure: tree of the DATA (house, floor @id=4, room, lamps, lamp, lamp) next to the PERMITTED DATA subtree (lamps, lamp, lamp) returned as the response.]
  13. Write Requests
      Concerns about authorized writes:
      ‣ Atomicity of modifications
      ‣ Visibility of data
      ‣ …
      Clear definition of constraints going along with modification requests:
      ‣ Weakening Authorization?
      ‣ Persistent Views?
  14. Write Requests
      Concerns about authorized writes:
      ‣ Atomicity of modifications
      ‣ Visibility of data
      ‣ …
      Clear definition of constraints going along with modification requests:
      ‣ Weakening Authorization?
      ‣ Persistent Views? (e.g. VDocs in XML)
  15. VDocs
      ‣ (Persistent / In-Memory) views on XML
      ‣ Wrapping XQueries
      ‣ On-the-fly annotating of elements
      ‣ Consists of
        ‣ VDoc processor
        ‣ VDoc specification
      In our context: On-the-fly annotating of permissions to verify valid permissions on intermediate result
  16. VDoc-Example

      Listing 3: A marked and modified resource

          <house>
            <floor id="1">
              <room>
                ...
                <lamps>
                  <lamp status="ON" id="1323412"/>
                  <lamp status="ON" id="5456"/>
                </lamps>
              </room>
            </floor>
            ...
            <floor id="4">
              <room>
                ...
                <lamps>
                  <lamp vdoc:uri="..."
                        vdoc:xpath="/house[1]/floor[4]/room[1]/lamp[1]"
                        status="ON" id="3443"/>
                  <lamp vdoc:uri="..."
                        vdoc:xpath="/house[1]/floor[4]/room[1]/lamp[2]"
                        status="ON" id="5456"/>
                </lamps>
              </room>
            </floor>
          </house>

      Paper excerpt shown behind the slide:
      XQuery function requested resource together with a filtering XPath expression to an authorization VDoc Spec (see Section 3.2). A result VDoc will have elements amenable to modifications marked with special VDoc attributes³. After the content of VDoc is retrieved, a supplied XQuery Update expression is applied to it (see List. 3).
      Note that the status of marked lamps (for the floor not 1) have also been modified. A VDoc processor will compare
  17. Write Requests
      HTTP-REQUEST: POST john.doe:secretpass@http://house/floor4
      Body: for $status in /house//lamp/@status return replace value of node $status with "ON"
      Permission-XPath: /house[./floor/@id=4]//lamps
      [Figure: the VDoc Spec marks nodes of the house tree (house, floor, room @id=4, lamps, lamp, lamp) to produce the VDoc; the XQuery Update turns the VDoc into the mod. VDoc. Decision "only marked nodes modified?": Yes leads to Apply Changes, No leads to Returning 403 (forbidden).]
  18. Summary
      ‣ Flexible authorization framework fitting the extensibility of HTTP and REST
      ‣ Independence from resources
      ‣ Optional extension of authorization workflow with the help of in-depth knowledge
      ‣ Implementation in JAX-RX (Treetank) and TntBase
  19. Thanks for your attention
      Any Questions now? (or later: sebastian.graf@uni-konstanz.de)
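
The read path of the authorization workflow (slides 7, 8 and 12), as an added Python example that is not code from the slides, the paper or the Hecate implementation. Assumptions: the user is already authenticated, the PXD paths are rewritten for ElementTree's XPath subset, `lamp.viewer` and the house document are constructed, and a matching rule without a filter grants the whole resource when several rules match.

```python
import xml.etree.ElementTree as ET

# PXD of Listing 2; paths rewritten for ElementTree's XPath subset (assumption).
PXD = ET.fromstring("""
<resources>
  <rule id="12" perm_id="22" uri="http://house/floor/4"/>
  <rule id="13" perm_id="23" uri="http://house/floor/4"/>
  <data uri="http://house/floor/4"><content>./floor[@id='4']</content></data>
  <filter id="43"><link>./floor[@id='4']//lamps</link></filter>
  <perm id="22" filter_id="43" verb="get"/>
  <perm id="23" verb="get"/>
</resources>""")

# Table 1, plus "lamp.viewer", a constructed user who holds only rule 12.
USERS = {"john.doe": ["13"], "jane.doe": ["12", "13"], "lamp.viewer": ["12"]}

# Constructed resource in the shape of Listing 1.
HOUSE = ET.fromstring("""
<house>
  <floor id="1"><room><lamps><lamp status="OFF" id="1.1"/></lamps></room></floor>
  <floor id="4"><room><door id="4.d"/><lamps>
    <lamp status="OFF" id="4.1"/><lamp status="OFF" id="4.2"/>
  </lamps></room></floor>
</house>""")


def by_attr(tag, name, value):
    """Look a PXD node up by attribute without building XPath from request data."""
    return next((e for e in PXD.findall(tag) if e.get(name) == value), None)


def authorize(user, verb, uri):
    """Return (status, nodes) for an already authenticated user, per the workflow."""
    rule_ids = USERS.get(user)
    if not rule_ids:  # no IDs in the user model
        return 403, []
    paths, unfiltered = [], False
    for rule in PXD.findall("rule"):
        if rule.get("id") not in rule_ids or rule.get("uri") != uri:
            continue
        perm = by_attr("perm", "id", rule.get("perm_id"))
        if perm is None or perm.get("verb") != verb.lower():
            continue
        flt = by_attr("filter", "id", perm.get("filter_id"))
        if perm.get("filter_id") is None:
            unfiltered = True
        elif flt is not None:  # a perm naming a missing filter grants nothing
            paths.append(flt.find("link").text.strip())
    data = by_attr("data", "uri", uri)
    if data is None or not (unfiltered or paths):  # nothing matched: deny
        return 403, []
    if unfiltered:  # assumption: a rule without a filter grants the whole resource
        return 200, HOUSE.findall(data.find("content").text.strip())
    return 200, [n for p in paths for n in HOUSE.findall(p)]
```
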
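
The write check of slides 15 to 17 (mark permitted nodes, apply the update to the VDoc, accept only if nothing unmarked changed), as an added Python example that is not the VDoc processor from the paper. Assumptions: a hypothetical `vdoc-marked` attribute stands in for `vdoc:uri`/`vdoc:xpath`, Python callables stand in for XQuery Update, the permission path uses ElementTree's XPath subset, and the house document is constructed.

```python
import copy
import xml.etree.ElementTree as ET

MARK = "vdoc-marked"  # hypothetical marker; the slides use vdoc:uri / vdoc:xpath
PERMISSION = "./floor[@id='4']//lamp"  # assumed writable nodes, as marked in Listing 3
# Constructed resource in the shape of Listing 1.
HOUSE = ET.fromstring("""
<house>
  <floor id="1"><room><lamps><lamp status="OFF" id="1.1"/></lamps></room></floor>
  <floor id="4"><room><lamps>
    <lamp status="OFF" id="4.1"/><lamp status="OFF" id="4.2"/>
  </lamps></room></floor>
</house>""")

def make_vdoc(resource, permission_path):
    """Copy the resource and mark each permitted node together with its subtree."""
    vdoc = copy.deepcopy(resource)
    for permitted in vdoc.findall(permission_path):
        for node in permitted.iter():
            node.set(MARK, "1")
    return vdoc

def changed_unmarked(trusted, mod):
    """True if a node that is unmarked in the trusted, pre-update VDoc was altered."""
    if trusted.get(MARK):  # inside a permitted subtree: any change is allowed
        return False
    plain = lambda e: {k: v for k, v in e.attrib.items() if k != MARK}
    tails = lambda e: [(c.tail or "").strip() for c in e]
    if (trusted.tag != mod.tag or plain(trusted) != plain(mod)
            or (trusted.text or "").strip() != (mod.text or "").strip()
            or len(trusted) != len(mod) or tails(trusted) != tails(mod)):
        return True
    return any(changed_unmarked(t, m) for t, m in zip(trusted, mod))

def handle_write(resource, permission_path, update):
    """Return (403, original) or (200, modified copy with markers removed)."""
    vdoc = make_vdoc(resource, permission_path)
    modified = copy.deepcopy(vdoc)
    update(modified)  # stand-in for applying the client's XQuery Update
    if changed_unmarked(vdoc, modified):  # marks are read from the trusted copy only
        return 403, resource
    for node in modified.iter():
        node.attrib.pop(MARK, None)
    return 200, modified

def all_lamps_on(doc):  # the update from the Write Requests slide: every lamp to "ON"
    for lamp in doc.iter("lamp"):
        lamp.set("status", "ON")

def floor4_lamps_on(doc):  # touches permitted nodes only
    for lamp in doc.findall("./floor[@id='4']//lamp"):
        lamp.set("status", "ON")

def forged_marks(doc):  # tries to mark floor 1 as writable before changing it
    for lamp in doc.findall("./floor[@id='1']//lamp"):
        lamp.set(MARK, "1")
        lamp.set("status", "ON")
```

Because the update runs on a document that carries the markers, the comparison reads them from the pre-update copy; a client that adds its own marker to an unpermitted node is still rejected.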