000000006 001__ 6
000000006 005__ 20130522141943.0
000000006 037__ $$aTEST-RefConfPaper-2005-001
000000006 041__ $$aeng
000000006 100__ $$aKonstantin Beznosov
000000006 245__ $$aExperience Report: Design and Implementation of a Component-Based Protection Architecture for ASP.NET Web Services
000000006 260__ $$c2005-10-16
000000006 300__ $$a16p
000000006 520__ $$aThis report reflects, from a software engineering perspective, on the experience of designing and implementing protection mechanisms for ASP.NET Web services. The limitations of Microsoft ASP.NET container security mechanisms render them inadequate for hosting enterprise-scale applications that have to be protected according to diverse and/or complex applicationspecific security policies. In this paper we report on our experience of designing and implementing a component-based architecture for protecting enterprisegrade Web service applications hosted by ASP.NET. Due to its flexibility and extensibility, this architecture enables the integration of ASP.NET into the organizational security infrastructure with less effort by Web service developers. The architecture has been implemented in a real-world security solution. This paper also contributes a best practice on constructing flexible and extensible authentication and authorization logic for Web services by using Resource Access Decision and Attribute Function (AF) architectural styles. Furthermore, the lessons learned from our design and implementation experiences are discussed throughout the paper. 
000000006 6531_ $$aComponent-Based Software Development
000000006 6531_ $$aEngineering Security Mechanisms
000000006 6531_ $$aWeb services
000000006 6531_ $$aASP.NET
000000006 8560_ $$fqiangw@ece.ubc.ca
000000006 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/6/files/6.pdf$$yTransfer from CDS 0.99.7
000000006 909C4 $$pKonstantin Beznosov, "Experience Report: Design and					Implementation of a Component-Based Protection Architecture for					ASP.NET Web Services," in Proceedings of the Eighth International					SIGSOFT Symposium on Component-based Software Engineering (CBSE), St.					Louis, Missouri, USA, SIGSOFT, 15-21 May, 2005, pp.337-352.
000000006 980__ $$aRefConfPaper