Skip to main content
SpringerLink
Log in

Architectural Considerations for a Data Access Marketplace Based upon API Management

  • Conference paper
  • First Online:
Data Management Technologies and Applications (DATA 2018)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 862))

  • 405 Accesses

Abstract

Data and access to data are becoming more and more a product or service to be sold. In order to deal with data access, this paper presents a marketplace for trading data. Within the marketplace, producers can present their offerings for data access and algorithms, whereas consumers are able to browse through the offerings, to subscribe to corresponding services, and to use them after being approved. As a specific property, the presented approach allows to control data access at a fine-granular level. This supports use cases where different consumers should see different portions of data according to subscribed price models and/or Service Level Agreements (SLAs). The approach takes benefit from API management, particularly the tool WSO2. The paper discusses possible architectures to combine API Management with user-specific filtering and control of SLAs, and illustrates in detail how the features of WSO2 help ease implementation and reduce effort on the one hand. On the other hand, the paper elaborates upon several technical challenges to overcome.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Abramov, J., Anson, O., Dahan, M., et al.: A methodology for integrating access control policies within database development. Comput. Secur. 31(3), 299–314 (2012)

    Article  Google Scholar 

  2. Balazinska, M., Howe, B., Suciu, D.: Data markets in the cloud: an opportunity for the fatabase community. Proc. VLDB Endow. 4(12), 1482–1485 (2011)

    Google Scholar 

  3. Barker, S.: Dynamic meta-level access control in SQL. In: Atluri, V. (ed.) DBSec 2008. LNCS, vol. 5094, pp. 1–16. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70567-3_1

    Chapter  Google Scholar 

  4. Bertino, E., Jajodia, S., Samarati, P.: A flexible authorization mechanism for relational data management systems. ACM Trans. Inf. Syst. 17(2), 101–140 (1999)

    Article  Google Scholar 

  5. Caires, L., Pérez, J.A., Seco, J.C., Vieira, H.T., Ferrão, L.: Type-based access control in data-centric systems. In: Barthe, G. (ed.) ESOP 2011. LNCS, vol. 6602, pp. 136–155. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19718-5_8

    Chapter  MATH  Google Scholar 

  6. Chaudhuri, S., Dutta, T., Sudarshan, S.: Fine grained authorization through predicated grants. In: 23rd International Conference on Data Engineering (ICDE), pp. 1174–1183. IEEE (2007)

    Google Scholar 

  7. Chlipala, A., Impredicative, L.: Static checking of dynamically-varying security policies in database-backed applications. In: The USENIX Conference on Operating Systems Design and Implementation, pp. 105–118 (2010)

    Google Scholar 

  8. Corcoran, B., Swamy, N., Hicks, M.: Cross-tier, label-based security enforcement for web applications. In: Proceedings of the 2009 ACM SIGMOD International Conference on Management of Data, pp. 269–282. ACM (2009)

    Google Scholar 

  9. Fischer, J., Marino, D., Majumdar, R., Millstein, T.: Fine-grained access control with object-sensitive roles. In: Drossopoulou, S. (ed.) ECOOP 2009. LNCS, vol. 5653, pp. 173–194. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03013-0_9

    Chapter  Google Scholar 

  10. Fuchs, L., Pernul, G., Sandhu, R.: Roles in information security – a survey and classification of the research area. Comput. Secur. 30(8), 748–769 (2011)

    Article  Google Scholar 

  11. Hohenstein, U., Zillner, S., Biesdorf, A.: Architectural considerations for a data access marketplace. In: Proceedings of the 7th International Conference on Data Science, Technology and Applications (DATA 2018), Porto (Portugal), pp. 323–333 (2018)

    Google Scholar 

  12. Jayaraman, K., Tripunitara, M., Ganesh, V., et al.: Mohawk: abstraction-refinement and bound-estimation for verifying access control policies. ACM Trans. Inf. Syst. Secur. (TISSEC) 15(4), 1–28 (2013). Article No. 18

    Article  Google Scholar 

  13. LeFevre, K., Agrawal, R., Ercegovac, V., et al.: Limiting disclosure in hippocratic databases. In: Proceedings of the 13th VLDB, pp. 108–119 (2004)

    Chapter  Google Scholar 

  14. Oracle: Using Oracle Virtual Private Database to Control Data Access. https://docs.oracle.com/cd/B28359_01/network.111/b28531/vpd.htm#DBSEG007

  15. Pereira, O., Regateiro, D., Aguiar, R.: Distributed and typed role-based access control mechanisms driven by CRUD expressions. Int. J. Comput. Sci. Theor. Appl. 2(1), 1–11 (2014)

    Google Scholar 

  16. Rizvi, S., Mendelzon, A., Sudarshan, S., Roy, P.: Extending query rewriting techniques for fine-grained access control. In: ACM SIGMOD Conference, pp. 551–562 (2004)

    Google Scholar 

  17. Rjaibi, W.: Data security best practices: a practical guide to implementing row and column access control. https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wc9a068d7f6a6_4434_aece_0d297ea80ab1/page/A%20practical%20guide%20to%20implementing%20row%20and%20column%20access%20control

  18. Roichman, A., Gudes, E.: Fine-grained access control to web databases. In: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, pp. 31–40. ACM (2007)

    Google Scholar 

  19. Roman, D., Paniagua, J., Tarasova, T., et al.: proDataMarket: a data marketplace for monetizing linked data. In: Demo Paper at 16th International Semantic Web Conference (ISWC 2017), Vienna (2017)

    Google Scholar 

  20. Sonntag, D., Tresp, V., Zillner, S., Cavallaro, A., et al.: The clinical data intelligence project. Informatik-Spektrum 39, 1–11 (2015)

    Google Scholar 

  21. Wang, Q., Yu, T., Li, N., et al.: On the correctness criteria of fine-grained access control in relational databases. In: Proceedings of the 33rd International Conference on Very Large Data Bases, pp. 555–566 (2007)

    Google Scholar 

  22. Zarnett, J., Tripunitara, M., Lam, P.: Role-based access control (RBAC) in Java via proxy objects using annotations. In: Proceedings of the 15th ACM Symposium on Access Control Models and Technologies, pp. 79–88. ACM (2010)

    Google Scholar 

  23. XACML: XACML – eXtensible Access Control Markup Language. http://www.oasisopen.org/committees/tchome.php?wgabbrev=xacml

Download references

Acknowledgements

This research has been supported in part by the KDI project, which is funded by the German Federal Ministry of Economics and Technology under grant number 01MT14001 and by the EU FP7 Diachron project (GA 601043).

Author information

Authors and Affiliations

  1. Corporate Technology, Siemens AG, Otto-Hahn-Ring 6, 81730, Munich, Germany

    Uwe Hohenstein, Sonja Zillner & Andreas Biesdorf

Authors
  1. Uwe Hohenstein
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sonja Zillner
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Andreas Biesdorf
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Uwe Hohenstein , Sonja Zillner or Andreas Biesdorf .

Editor information

Editors and Affiliations

  1. RWTH Aachen University, Aachen, Nordrhein-Westfalen, Germany

    Christoph Quix

  2. University of Coimbra, Coimbra, Portugal

    Jorge Bernardino

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hohenstein, U., Zillner, S., Biesdorf, A. (2019). Architectural Considerations for a Data Access Marketplace Based upon API Management. In: Quix, C., Bernardino, J. (eds) Data Management Technologies and Applications. DATA 2018. Communications in Computer and Information Science, vol 862. Springer, Cham. https://doi.org/10.1007/978-3-030-26636-3_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-26636-3_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-26635-6

  • Online ISBN: 978-3-030-26636-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation