The final security tier that must be addressed is the legacy application tier, where systems such as mainframes, databases, and nondistributed applications reside. Mid-tier applications will probably need additional data at some point in their work.

Administrative Considerations for Web Services Security 343

make the access policy 100 percent correct. It appears feasible in theory or with small systems, but it is just impossible in real life. You need to use several security mechanisms to avoid being vulnerable to potential policy errors. Following access control, security audit is the next important aid.

Audit Administration

Security audit is generally considered a supplement to access control mechanisms for those cases when access policies or their enforcement are not strict enough to make users accountable, thus allowing unauthorized access. With Web Services, you will often find it necessary to balance between (1) making your Web Service implementations security-aware and processing an overwhelming amount of audit data and (2) resorting to other potentially unsafe techniques, such as delegation. This necessity is due to the coarse granularity of the service-oriented interfaces provided by Web Services. Unlike most middleware technologies, which enable fine-grained object-oriented computing, Web Services tend to have the same entry point for accessing resources with different access requirements. For instance, the Web Service of the eBusiness system has a ShoppingCartService, which supports methods for manipulating all shopping carts. Among the three ways to provide adequate security for shopping carts, thorough security auditing of accesses to shopping carts is

Because of the supplementary nature of security audit and the risk of generating too much data, audit policies should be carefully tuned to strike the right balance.
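One way to tune such an audit policy, shown as an added example that is not from the original text: every call through the single ShoppingCartService entry point is classified, so that access to another customer's cart is always audited while routine owner reads are dropped to limit volume. The method names, principals and sample invocations are constructed assumptions.

```python
# Tuned audit policy for a coarse-grained service entry point (added example).
from dataclasses import dataclass

READ_METHODS = {"getCart"}                 # assumed method names, not from the book
WRITE_METHODS = {"addItem", "removeItem"}

@dataclass(frozen=True)
class Invocation:
    caller: str       # authenticated principal making the call
    method: str       # ShoppingCartService method invoked
    cart_owner: str   # owner of the cart the call targets

def audit_decision(inv: Invocation) -> str:
    """Return 'alert', 'record' or 'skip' for one invocation."""
    if inv.method not in READ_METHODS | WRITE_METHODS:
        return "alert"                      # unknown method: fail closed, always audit
    if inv.caller != inv.cart_owner:
        return "alert"                      # access to someone else's cart
    if inv.method in WRITE_METHODS:
        return "record"                     # owner changes are kept for accountability
    return "skip"                           # owner reads are high volume, low value

def run_audit(invocations):
    """Apply the policy and return the audit trail plus per-decision counts."""
    trail, counts = [], {"alert": 0, "record": 0, "skip": 0}
    for inv in invocations:
        decision = audit_decision(inv)
        counts[decision] += 1
        if decision != "skip":
            trail.append((decision, inv.caller, inv.method, inv.cart_owner))
    return trail, counts

# Constructed sample traffic through the single service entry point.
SAMPLE = [
    Invocation("alice", "getCart", "alice"),
    Invocation("alice", "addItem", "alice"),
    Invocation("bob", "getCart", "bob"),
    Invocation("bob", "getCart", "alice"),      # cross-owner read
    Invocation("bob", "removeItem", "alice"),   # cross-owner modification
    Invocation("alice", "getCart", "alice"),
]

if __name__ == "__main__":
    trail, counts = run_audit(SAMPLE)
    for entry in trail:
        print(entry)
    print(counts)
```

Half of the sample calls produce no audit record, yet both cross-owner accesses are retained as alerts.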
For example, since ShoppingCartService in eBusiness is vulnerable to attacks when customers read or modify the content of shopping carts owned by others, security audit of invocations on behalf of the ShoppingCartService's methods is necessary. It's often a challenging task due to the limited capabilities of the audit mechanisms. In the implementation of eBusiness, file and URL are the only