home -> developer -> SQL -> tutorial -> overview
back next

Overview

A relational database is a flat information space. Using the WaterkenTM RDB Webizer, you can carve this flat space into a web of resources. The web expresses your access control logic. Below are the resource webs for the Coffeebreak application.

An <http://waterken.com/coffeebreak/ACoffeeEditor> authorizes the holder to view and edit a coffee resource.

http://waterken.com/coffeebreak/ACoffeeEditor

An <http://waterken.com/coffeebreak/Accountant> authorizes the holder to view both a weekly sales list and a price list.

http://waterken.com/coffeebreak/Accountant

Web diagram

In a web diagram, each circle represents a resource and each arrow represents a link. Some resources contain SQL for accessing the underlying database; other resources are purely navigational aids. As in the WWW, all links are unidirectional. Starting from a given resource, you can only traverse links emanating from that resource.

Capability URI

A link in a web diagram is implemented by a capability URI. A capability URI contains a random, 128 bit number. A random, 128 bit number is unguessable. It is computationally infeasible for an attacker to gain access to a resource identified by a capability URI. Accessing such a resource is only possible for users who have been given the capability URI. The WaterkenTM RDB Webizer includes an HTTP server. The server ensures that only requests received on a valid capability URI are delivered to the corresponding resource.

Auditing access control

Using a web diagram, you can determine exactly what resources are accessible from any entry point by following the arrows. The holder of an <Accountant> capability can access the price list and weekly sales resources. The holder of a price list resource capability, however, cannot access either weekly sales, <Accountant>, or any <ACoffeeEditor>.

The coffeehouse gives its accountant a capability for the <Accountant> resource. They link to the price list resource from their public website, so that customers can see the menu. The business gives a manager access to the <ACoffeeEditor> resource for each coffee, so that he or she can edit prices. This tutorial discusses all of these resources.

The next page describes installing the code.

top

Copyright 2002 - 2003 Waterken Inc. All rights reserved.

Powered by Waterken Server! Valid XHTML 1.0! Valid CSS!