[Wsf-general] Exposing a Database as a Webservice
Chamil Thanthrimudalige
chamil at wso2.com
Mon Feb 26 20:44:09 PST 2007
On Feb 27, 2007, at 9:51 AM, James Clark wrote:
>
>> In the first method WSAS will authenticate the user and then use the
>> authorization details in its system to do the access control. In
>> this all permissions will be controlled through the security module
>> inside WSAS. WSAS will login and access as itself.
>>
>> In the second method the user will send the authentication and
>> authorization details and these details will be used when accessing
>> the database. Please note the Security Token that will be used will
>> not be something that is special to the Database service.
>
> Can these be mixed? I would expect one common scenario would be that
>
> - the database would have a "guest" user that would be allowed
> read-only access to non-sensitive data
>
> - when using the first method, WSAS would login and access as this
> guest user
>
> - for access that requires more privileges than the database guest
> user allows, the second method would be used

What we can do is have the connection settings for the guest user in
the configuration file and then for each operation add another
attribute to denote whether to use the guest account or to use the
details given by the party invoking the service. Or else we can make
two services with two different types of access control, however I
think the first method might be more practical.

The attribute name can be "access-control" which can have "wsas" as
the value to denote that access control will be done from within
WSAS or can have "database" to denote that the database will do it.

Best Regards,
Chamil Thanthrimudalige
>
> James
>
>
>
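
The per-operation credential selection proposed in this message, sketched as an added example that is not part of the original thread and is not WSAS code. Only the "access-control" attribute and its values "wsas" and "database" come from the message; the other element and attribute names, the sample operations, and the choice to require caller credentials when the attribute is missing or unrecognised are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (hypothetical schema, see lead-in).
CONFIG = """
<data-service name="inventory">
  <guest-connection user="guest" password="guest-pw"/>
  <operation name="listProducts" access-control="wsas"/>
  <operation name="updatePrice" access-control="database"/>
  <operation name="legacyReport"/>
</data-service>
"""

class AccessDenied(Exception):
    """Raised when no database credentials may be used for a call."""

def load_policy(xml_text):
    """Return (guest_credentials, {operation: mode}) from the config."""
    root = ET.fromstring(xml_text)
    guest = root.find("guest-connection")
    guest_creds = (guest.get("user"), guest.get("password"))
    modes = {}
    for op in root.findall("operation"):
        mode = op.get("access-control")
        # Assumption: a missing or unknown value never selects the shared
        # guest account; the caller must present database credentials.
        if mode not in ("wsas", "database"):
            mode = "database"
        modes[op.get("name")] = mode
    return guest_creds, modes

def resolve_db_credentials(policy, operation, wsas_authorized, caller_creds=None):
    """Pick the database login for one service invocation."""
    guest_creds, modes = policy
    if operation not in modes:
        raise AccessDenied("unknown operation: %s" % operation)
    if modes[operation] == "wsas":
        # WSAS enforces access control itself, then logs in as guest.
        if not wsas_authorized:
            raise AccessDenied("WSAS security module rejected the caller")
        return guest_creds
    # "database" mode: the database enforces access control, so the
    # caller's own credentials are required; no fallback to guest.
    if not caller_creds or not all(caller_creds):
        raise AccessDenied("caller credentials required for %s" % operation)
    return tuple(caller_creds)
```
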