Browser unable to execute script; please use the site map to navigate the site.

Wrappers — a mechanism to support state-based authorisation in Web applications

Olivier and Gudes


(Citation)Citation information

M. S. Olivier and E. Gudes. “Wrappers — a mechanism to support state-based authorisation in Web applications”. In: Data and Applications Security — Developments and Directions. Ed. by B. Thuraisingham, R. P. van de Riet, K. R. Dittrich, and Z. Tari. Journal version also published Olivier and Gudes, “Wrappers — a mechanism to support state-based authorisation in Web applications”. Kluwer, 2001, pp. 149–160


The first premise of this paper is that security should ultimately be associated with an application because application semantics have a direct influence on proper protection. The second premise is that applications are generally too complex to be trusted to implement security as specified by the given security policy. These problems are aggravated if the application operates over normal time and space constraints: The best example of such applications is workflow systems where various actors — possibly from multiple organisations — interact on long transactions to complete a given task.

The solution presented in this paper is an approach referred to as wrappers: a wrapper is a simple program that has enough knowledge about a specific application’s potential states and the actions that are permissible in each state. Using this knowledge, it is able to filter requests that should not reach an application at a given point. It is important to note that wrappers are not intended to subsume the security functionality of an application, but serve as an additional check.

The paper presents its concepts in a World-wide Web environment that renders it immediately useful.

(Full text; password required)Full text

A pre- or postprint of the publication is available at
Note that a username and password are required to download the full text. (Why?) Please e-mail me and I will send you a username and password.

(Authoritative version on publisher's site)Definitive version

The definitive version of the paper is available from the publisher.
DOI: 10.1007/0-306-47008-X_14

(BibTeX record)BibTeX reference

author={Martin S Olivier and Ehud Gudes},
title={Wrappers --- a mechanism to support state-based authorisation in Web applications},
editor={Bhavani Thuraisingham and van de Riet, Reind P and Klaus R Dittrich and Zahir Tari},
booktitle={Data and Applications Security --- Developments and Directions},
note={Journal version also published cite{wrapper2}} )