[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: SOAP-RPC and REST and security

• To: 'Michael Brennan' <Michael_Brennan@A...>, xml-dev@l...
• Subject: RE: SOAP-RPC and REST and security
• From: "Bullard, Claude L (Len)" <clbullar@i...>
• Date: Wed, 20 Feb 2002 16:17:00 -0600

Thank you, Michael.   

The idea of implementing that at the 
data access layer is good.  My guess is that a 
goodly sized db (say, 4000+ fields and use of 
remote views) would present a challenge to the 
designer of the business rules.  Also, any 
parts of the products that use remote views 
directly across the product would never see the 
business rules.  Challenging.

Note: this isn't related to this thread, but 
field level security comes up a lot these days.

len

-----Original Message-----
From: Michael Brennan [mailto:Michael_Brennan@A...]

It does add some overhead, but it also pays off in terms of affording rich
functionality. Our software is explicitly designed to support a vendor's
extranet for partners. The models for what privileges vendors wish to accord
to specific partners can get fairly complex, and would be unmanageable IMO
with a straightforward ACL model. The sort of business functionality
requires the sort of flexibilty that our model affords. The field level
security is accomplished by integrating it with our data access layer and
keeping developers from hitting the database directly. So the overhead is
largely just a matter of interpreting and reformulating SQL DML statements
(based on customizable business rules) rather than just passing them blindly
on through to the database.

• Follow-Ups:
  • Re: SOAP-RPC and REST and security
    • From: Gavin Thomas Nicol <gtn@r...>

• Prev by Date: RE: SOAP-RPC and REST and security
• Next by Date: RE: SOAP-RPC and REST and security
• Previous by thread: RE: SOAP-RPC and REST and security
• Next by thread: Re: SOAP-RPC and REST and security
• Index(es):
  • Date
  • Thread