SC-WS: A Context-based, Aspect-oriented Approach for Handling Security Concerns in Web Services

摘要

This paper discusses Aspect-Oriented Programming (AOP) as an efficient way to handle security concerns in Web services. Without AOP, the necessary security code would be mixedwith the business logic that a Web service implements. This renders the maintenance of both code and business logic tedious and prone to errors. AOP allows confining codes of non-functional concerns like security and self-healing into specific modules so that they do not cross-cut with the Web service's business logic. The proposed aspect-oriented approach in this paper is built upon three levels referred to as user, component, and resource, and adopts three types of context, one context per level. The contexts contain various details on the environment of Web services, which permits activating the necessary aspects in response to these details. A set of experiments validating this approach are also reported in this paper.