A User Management System for Federated Databases Using Web ...

A User Management System for Federated Databases Using Web Services Fuyu Liu1 and Erdogan Dogdu2 1

School of Computer Science, University of Central Florida, Orlando, Florida, USA [email protected] 2 Computer Engineering Dept., TOBB Economics and Technology University, Ankara, Turkey [email protected]

Abstract. A federated database system (FDBS) is a distributed system that consists of a number of autonomous and heterogeneous database management systems (DBMS). Administration of a FDBS is a challenging task due to the heterogeneity of database management systems in the FDBS, heterogeneous platforms these DBMS are deployed on, and non-standard access protocols these systems provide. One of the important tasks in the management of FDBS is user management. In this paper we propose a new architecture for user management in FDBS, based on the “web services” middleware. The system includes a Central Controller for maintaining a directory of component databases, database access roles, and users. Each database component and the Central Controller are accessed via web services providers that are deployed on each component site. These web services are lightweight interfaces hiding the heterogeneity of different platforms. The system is highly scalable and portable. New DBMS can be easily added to the FDBS after the web services interfaces for the regarding DBMS are installed on the component sites.

1 Introduction Information integration and process automation are two top-priority challenges in the business world. These challenges are mostly met via customized programming which is expensive, difficult, and error-prone. In this paper, we address both issues in the context of federated database systems. Information integration problem is solved with two approaches. Either (1) all databases are consolidated into a central location, processed, and made accessible to the interested parties, or (2) data is accessed “in place” via technological solutions such as a federation technology. First solution, consolidation, is an expensive one and it also does not provide real-time data. With the recent developments in networks, technology, and distributed computing, now it is easier to realize the second approach. In this paper, we attempt to extend the federation technology via recent technological developments in distributed computing middleware. In our study, “web services” middleware is used as the enabling technology to advance the user management and access control in federated database systems. A Federated Database System (FDBS) is composed of a number of heterogeneous databases and is usually distributed [1, 3]. The differences among these component M. Gavrilova et al. (Eds.): ICCSA 2006, LNCS 3983, pp. 88 – 97, 2006. © Springer-Verlag Berlin Heidelberg 2006

A User Management System for Federated Databases Using Web Services

89

databases could originate from different types of databases or from different versions of the same database system type. The heterogeneity in federated databases poses challenges in building a federated database management system (FDBMS) [4]. An FDBMS needs to support applications or users submitting SQL statements referencing more than one database in a single statement. Access control becomes quite important here. While applications or users try to access data from databases, FDBMS should check if the application or the user has the appropriate access privileges to specific DBMSs or not. User maintenance in a federated database system is also a challenging task. Typically, for different types of DBMSs, different client tools are needed to administer databases remotely. But, in a federated database system this becomes quite cumbersome; there is not a single integrated view over the whole system. While still in its early stage, web services [2] technology and the resulting Service Oriented Architecture (SOA) is becoming a popular choice in building distributed software systems. A web service is a remote application that is accessible via standard Internet protocols. Web services middleware is not a completely new idea, but it demonstrates a new way of using software over the Internet and has a promising future. In this paper, we propose a new infrastructure to solve the user management and access control problem in federated database systems using web services technology. In our design, each database server is equipped with a unique and secure add-on web services interface for user and access control. Once each member database system is enabled with this standard user and access control mechanism, managing databases can be done remotely from a designated central control mechanism, or from any other remote application. Due to the unique advantages of web services technology, our proposal is independent from any specific database management system technology and its propriety interfaces, therefore providing a standard and easy to use mechanism for user management and access control in federated database systems. The rest of the paper is organized as follows: in Section 2, we present the background on federated database systems and web services. Related work follows in Section 3. In Section 4, we discuss our proposed solution in detail. Finally, Section 5 concludes the paper.

2 Background In this section, we talk about access control in federated database systems first, and then give a brief background on web services. 2.1 Access Control in Federated Database Systems (FDBS) A federated database system integrates existing and possibly heterogeneous databases while preserving their autonomy. Access control refers to the access rights and their control in a DBMS. Access rights are those such as read, write, update, delete operations on database artifacts such as tables and views, and the control of these privileges involves operations like grant and revoke for users and user groups. Access control is a difficult issue in a federated database system. Users may have different

90

F. Liu and E. Dogdu

privileges in accessing data in different databases; therefore, there should be some kind of access control mechanism to deal with the security problems in these distributed environments. In a loosely coupled federated system, security problems are similar to those in traditional databases; each component database handles its own access control [5]. Because there is no federation authority, a security policy for the federation does not exist. In a tightly coupled federated database system, on the other hand, a federation authority exists and it has its own access control mechanisms. Access to data can be seen at two different levels: at the federation level, where users explicitly require access to the federated data; and at the local level, where local requests corresponding to global requests must be processed. Access control can be executed at both levels [3]. 2.2 Web Services Web services can be described as any functionality that is accessible over the Internet using XML messages in the communication protocol. The most important underlying architecture of web services is Service Oriented Architecture (SOA). An SOA focuses on how components are described, integrated and organized together to support the automatic and dynamic discovery, binding, and usage of web service functionalities. There are three major roles in a typical SOA architecture: a service provider, a service broker, and a service requestor. Currently, web services framework consist of at least the following protocols: SOAP, WSDL, and UDDI. SOAP (Simple Object Access Protocol) is a lightweight protocol based on XML for exchange of information in a decentralized, distributed environment. WSDL (Web Service Description Language) is also XML based. The purpose of WSDL is to describe web services in a standard way. After a web service is published, a Universal Description, Discovery and Integration (UDDI) registry serves as a public repository for web service information.

3 Related Work Mehrotra and coauthors first proposed the idea of providing database as a service [14]. In that paper, they focused on how to provide services to access one single database. More recently, Thakar et al proposed SkyQuery [15], which utilizes web services to answer queries in federated databases. They suggest a good algorithm to evaluate a probabilistic federated spatial join query. Zhub et al try to exploit web services to support dynamic data integration in a federated environment [17]. Access control in distributed systems is also a popular research topic. Bertino et al propose an XML-based access control language (X-RBAC) which provides a framework for specifying mediation policies in a multi-domain system [16]. Bertino et al later extend the X-RBAC language to support temporal role based access control [19]. In [18] Barker et al exploit the usage of the formally specified RBAC policies to support federated relational database access over the network. For grid computing environments, Raman et al present a layer of services providing data transparency to


91

end users and enable ease of information access [12]. Other than the access control problem, in [11] Chun et al discuss the trust management problem in a federated system and propose a layered architecture to address the problem. There are also a number of commercial tools available as Federated Database Management Systems [6, 7, 8, 9, 10]. Unfortunately, these systems either do not address the user management problem or do not support access control policies across the whole federated system.

4 Federated Database User Management System In the previous two sections, we covered the background and related work. Although there are some commercial products available as Federated Database Management Systems, they are either too expensive or do not provide a generic way to access databases remotely. Considering the benefits web services provide, such as the ability of invoking methods remotely via standard web protocols (like HTTP), in this paper, we propose a Federated Database User Management System using web services technologies. In this system a web service is deployed on each one of the component database system. Administrators or ordinary database users can access component database systems via standard web service calls. Only a simple web service client is needed to consume these web services deployed. There is no need for other remote access clients. Also, in our system services like granting global privileges to users at other databases are enabled. By combining access control abilities provided by individual databases and global privileges enforced by our system, we can realize a federated access control mechanism for the whole federated database system. In this section, we will first introduce the features of our system. After that, the architecture of our system will be presented. Then, the data that needs to be saved in the system will be discussed in detail. The next two subsections go over the deployed web services and the client program. How to deploy the system is discussed in the end of this section. 4.1 Features The following are the main features of our Federated Database User Management System: a. Manage database users remotely as a database administrator. Most commands issued by DBAs are supported. b. Grant privileges remotely as an ordinary user. Privileges include local privileges granted to users residing on the same database and global privileges granted to users on other databases. c. Add new databases or delete existing databases from the Federated Database System. d. Access control support for global query execution.

92

F. Liu and E. Dogdu

4.2 Architecture The whole system is composed of three modules: Client, Central Controller, and Component Database (Fig. 1). In Figure 1, Web Service-I (WS-I) is the Central Controller Web Service. This web service is responsible for adding databases to the system, removing databases from the system, and storing access control information. Web Service-II (WS-II) is the Remote DBA Service. WS-II communicates with the component database directly via Java Database Connectivity API (JDBC), or similar technologies such as Open Database Connectivity (ODBC).

WS Client SOAP

SOAP

WS-I, Central Controller JDBC

SOAP

SOAP

WS-II

WS-II

JDBC DB

WS-II JDBC

DB

DB

DB

Fig. 1. Architecture of User Management System

With WS-II, database administrator could manage users and roles on individual databases and ordinary database users could grant privileges to other users located on the same database (or revoke them). After reading database information from Central Controller, the web service client talks to individual databases directly. In this framework, the Central Controller has a role similar to a directory service in SOA. 4.3 Data Stored in Central Controller In order to keep database and user access control information, we need to have a database at the Central Controller to store that information. This information could be accessed and modified by the web services deployed on the Central Controller (WS-I). Three tables will be used to keep the information we need: dbs, ccusers, and ccprivileges. dbs table is used to store information about component databases. ccusers table holds information about those database users who have granted global privileges to users from other databases. ccprivileges table is used to store user access privileges information. Schemas for the three tables are given below: create table dbs ( logicalname varchar2(10) type varchar2(20),// location varchar2(30),// name varchar2(20),// portNumber integer); create table ccusers (

primary key, database type physical address database name


93

logicalname varchar2(10) references dbs, username varchar2(20), password varchar2(20)); create table ccprivileges ( grantordb varchar2(10) references dbs(logicalname), grantor varchar2(20), privilege varchar2(20), objectname varchar2(50), granteedb varchar2(10) references dbs(logicalname), grantee varchar2(20));

Both username and password are stored in the ccusers table such that whenever a user issues a global query to access another user’s object, the second user’s password could be utilized to get the requested object. Passwords are encrypted to enhance security. The ccprivileges table is to store all global privileges granted. Each time when a new global privilege is granted, grantor’s information in the ccusers table will be created if it does not exist or be updated if it exists. Each time a global privilege is revoked, the system will check the ccprivileges table to see if there are access privileges granted by that grantor. If there is no other access privileges granted by the same grantor, the grantor’s entry in the ccusers table will be removed for security reasons. In order to access the three tables stored in the database, we need to know how to connect to the database and more importantly, the username and password to access that database. We use an XML file for this purpose. Whenever it is needed, this information is retrieved by the web services deployed on the Central Controller and used afterwards. 4.4 Deployed Web Services We present the two deployed web services in detail in this section. The Remote DBA Service is deployed on the site of each component database. Different types of database platforms will have different types of implementations for this service. The Central Controller Service is used for manipulating databases, and granting/revoking global privileges. 4.4.1 Remote DBA Service Available methods in this web service are: createUser, deleteUser, modifyUserPasswd, viewAllUsers, createRole, dropRole, viewAllRoles, grantRole, revokeRole, grantPrivilege, revoke-Privilege, authenticateUser. Considering the similar syntax used while granting roles and granting system privileges (e.g. connect, resource), we use methods grantRole and revokeRole to take care of system privilege manipulations. Methods grantPrivilege and revokePrivilege will be used to manipulate object privileges (e.g. select, update, delete). To demonstrate parameters used in these methods, we give one example here. The following example shows the parameters used in method createUser. There are seven input variables: createUser ( String dbLocation, String dbName, String portNumber, String username, String passwd, String newUsername, String newUserPasswd)

94

F. Liu and E. Dogdu

The first five parameters represent database location, database name, port number, user name, and user password respectively. These parameters are required for most methods in this web service. New user name as well as a password is needed for creating a new user. All other methods have similar input variables. 4.4.2 Central Controller Service The following methods will be deployed in this service. a) grantPrivilege: This method is used to grant global privilege. For instance, user1 at db1 wants to grant certain privilege (e.g. select) on his/her table1 to user2 at db2. There are seven input parameters for this method as shown below: grantPrivilege ( String grantorDBLocation, String grantor, String grantorPasswd, String privilege, String objectName, String granteeDB, String grantee)

Parameters grantorDB, grantor, privilege, objectName, granteeDB, and grantee will be stored in the table ccprivileges at the Central Controller. Parameters grantorDB, grantor, and grantorPasswd will be stored in the table ccusers at the Central Controller. b) revokePrivilege: The opposite of method grantPrivilege c) viewAllPrivileges: To view all global privileges in the whole FDB system. d) checkPrivilege: To check if the requested privilege exists or not. e) viewPrivilegeByGrantor: Used by the Central Controller’s administrator to view privileges granted by certain grantor. Grantor is identified by the username and the name of database where the user is located. f) viewPrivilegeByGrantee: Used by the Central Controller’s administrator to view privileges received by certain grantee. g) viewPrivilegeGrantedByMe: Used by grantors to check privileges that they grant to other users. h) authenticateUser: To authenticate Central Controller’s administrator. Only the Central Controller’s administrator has the privilege to add a new database or delete a database. i) viewAllDBs: To pull out all available databases in the whole FDB system. j) addDB: To add a new database to the whole FDB system. Only the Central Controller’s administrator has the privilege to invoke this method. k) deleteDB: The opposite of method addDB. 4.5 Client Program Client program serves as a prototype tool to consume the two web services introduced above. The interface of the client program consists of a series of four screens. The first screen is called Login Screen, where a user or an administrator can access all databases in the FDB system, and then login into a selected database. The second screen is Administrator Screen, designed for the database administrator. The third screen is User Screen, which is for ordinary database user. The fourth screen is Central Controller Screen, which is used only by the Central Controller’s administrator to manage the whole system.


95

4.5.1 Login Screen After the client program is launched, user will be presented with the Login Screen (Figure 2). In this screen, user is asked to provide the address of the Central Controller web service. Then the user can select one database from the list and then login into the selected database either as a normal user or an administrator. From the database list, user can also choose the Central Controller server. In this case, user must login as an administrator to manipulate existing databases and view existing global privileges.

Fig. 2. Login Screen

4.5.2 Administrator Screen An administrator screen is provided for database administrators as shown in Figure 3. A series of commands are available to the administrator on the left column. Administrator can manage users, roles, and privileges. Administrator needs to select a command from one of these radio buttons on the left column. To make the user management task easier, our system also enables administrators to view all users/roles in a database.

Fig. 3. Administrator Screen

96

F. Liu and E. Dogdu

4.5.3 User Screen If a user chooses to login into a database as an ordinary user, the User Screen is displayed. There are five options available to an ordinary user. User can grant/revoke local or global privileges and view all global privileges where the user acts as the grantor. Granting global privileges is to give users from other databases the permission to access data on this database, which is quite important for information sharing and access control in Federated Database Systems. 4.5.4 Central Controller Frame While in the Login Frame, user could also choose the Central Controller to login in. In this case, user is required to login as an administrator since ordinary users do not have privileges to manage data in Central Controller. Central Controller’s administrator can view all databases in the whole FDBS. Administrator can add databases to the system or delete databases from the system. To help the management of global privileges, we provide three options here: view all global privileges in the system, view global privileges based on grantor’s name and view privileges based on grantee’s name. 4.6 Implementation and Deployment We implemented this Federated Database User Management System using Java technology. Two different versions of client programs were developed. One is a stand-alone Java-based program, and the other one is a web-based system. Apache Axis [13] is used for the development, test, and deployment of the web services. To deploy web services in an Apache Axis environment, we need to write a Web Service Deployment Descriptor (WSDD) file first to specify the names for the web services, and use that file to deploy web services. Undeploying web services is just the opposite. An undeployment descriptor is needed to indicate the service names to be removed.

5 Conclusions In this paper, we designed and implemented a Federated Database User Management System using Web Services technology. In this Federated Database system, a server is used as a Central Controller, where all information about individual databases and global privileges are stored. Two kinds of web services are developed to implement this system. The Remote DBA Service is for a database administrator or an ordinary user to access databases remotely via standard web services calls. This service is deployed on the server of each database component on top of Apache Axis platform. The Central Controller Service is for administrating the Central Controller of FDBS, accessing and modifying data stored on the Central Controller. To the best of our knowledge, Federated Database User Management System is the first implementation of its kind using Web Services technology. Web Services technology provides flexibility and interoperability to this system. Deployed web services can be integrated with other web services. Extensions can be easily made based on the original web services. The system is scalable and portable. To add an extra


97

database to the federated database system, one only needs to add the new database information to the Central Controller and deploy the corresponding RemoteDBAService on the newly added database machine.

References 1. Amit Sheth, James Larson, “Federated Database Systems for Managing Distributed, Heterogeneous, and Autonomous Databases”, ACM Computing Surveys, 22(3), pp 183-236, 1990. 2. “Web Services Activity”, http://www.w3.org/2002/ws 3. S.D.C di Vimercati, P. Samarati, “Access Control in Federated System”, ACM New Security Paradigm Workshop, Lake Arrowhead, CA, 1996. 4. Mario Piattini, Oscar Diaz, Advanced Database Technology and Design, 2000 Artech House Inc. 5. Dirk Jonscher , Klaus R. Dittrich, “An Approach For Building Secure Database Federations”, Proc. of the 20th VLDB Conference, Santiago, Chile, 1994 6. Marjorie Templeton, Herbert Henley, Edward Maros, Darrel J. Van Buer, “InterViso: Dealing With the Complexity of Federated Database Access”, VLDB Journal 4(2): 287-317(1995) 7. Laura Haas, Eileen Lin, “IBM Federated Database Technology”, DB2 Developer Domain, March 2002, see: http://www-106.ibm.com/developerworks/db2/library/techarticle/0203haas/0203haas.html 8. “Heterogeneous Data Access”, www.oracle.com/gateways/ 9. “Database Administration Suite for Distributed RDBMS: Heterogeneous Database Administration”, http://www3.ca.com/Solutions/Product-Family.asp?ID=2858 10. Jayavel Shanmugasundaram, Jerry Kiernan Eugene, Shekita Catalina, Fan John Funderburk, “Querying XML Views of Relational Data”, Proc. of the 27th VLDB Conference, 2001. 11. Brent N. Chun and Andy Bavier, “Decentralized Trust Management and Accountability in Federated Systems”, 37th Hawaii Int. Conf. On System Sciences, 2004 12. Vijayshankar Raman,Inderpal Narang, Chris Crone, Laura Haas, Susan Malaika, Tina Mukai, Dan Wolfson, Chaitan Baru, “Data Access and Management Services on Grid”, The Fifth Global Grid Forum, 2002 13. “Apache Web Services”, see: http://ws.apache.org/axis/ 14. Hakan Hacigumus, Bala Iyer, and Sharad Mehrotra, “Providing Database as a Service”, Proceeding of ICDE, 2002. 15. Tanu Malik, Alex Szalay, Tamas Budavari, and Ani R. Thakar, “SkyQuery: A Web Service Approach to Federated Databases”, Proceeding of CIDR Conference, 2003. 16. James B.D. Joshi, Rafae Bhatti, Elisa Bertino, and Arif Ghafoor, “Access-Control Language for Multidomain Environments”, IEEE Internet Computing, 2004 17. Fujun Zhub, Mark Turnera, Ioannis Kotsiopoulosc, Keith Bennettb, Michelle Russelld, David Budgena, Pearl Breretona, John Keanec, Paul Layzellc and Michael Rigby, “Dynamic Data Integration using Web Services”, IEEE ICWS 2004 18. S. Barker, P. Douglas, “Protecting federated databases using a practical implementation of a formal RBAC policy”, Information Technology: Coding and Computing, 2004 19. Rafae Bhatti, Arif Ghafoor, and Elisa Bertino, “X-GTRBAC: An XML-Based Policy Specification Framework and Architecture for Enterprise-Wide Access Control”, ACM Tran. On Information and Sys. Security, 2005