B. Murgante et al. (Eds.): ICCSA 2012, Part III, LNCS 7335, pp. 682–697, 2012. © Springer-Verlag Berlin Heidelberg 2012 BTA: Architecture for Reusable Business Tier Components with Access Control Óscar Mortágua Pereira 1 , Rui L. Aguiar 1 , and Maribel Yasmina Santos 2 1 DETI, Instituto de Telecomunicações, University of Aveiro 3810-193 Aveiro, Portugal {omp,ruilaa}@ua.pt 2 Centro Algoritmi, University of Minho 4800-058 Guimarães, Portugal maribel@dsi.uminho.pt Abstract. Currently, business tiers for relational database applications are mostly built from software artifacts, among which Java Persistent API, Java Database Connectivity and LINQ are three representatives. Those software artifacts were mostly devised to address the impedance mismatch between the object-oriented and the relational paradigms. Key aspects as reusable business tier components and access control to data residing inside relational databases have not been addressed. To tackle the two aspects, this research proposes an architecture, referred to here as Business Tier Architecture (BTA), to develop reusable business tier components which enforce access control policies to data residing inside relational databases management systems. Besides BTA, this paper also presents a proof of concept based on Java and on Java Database Connectivity (JDBC). Keywords: reuse, component, business tier, databases, access control. 1 Introduction Object-oriented and relational paradigms are simply too different to bridge seamlessly, leading to a set of difficulties informally known as impedance mismatch [1]. Impedance mismatch derives from the diverse foundations of both paradigms and has been an open issue for more than 50 years [2]. To tackle impedance mismatch, several solutions have been devised, including Call-Level Interfaces (CLI), Embedded SQL, object-to-relational mapping techniques (O/RM), language extensions and persistent frameworks. These solutions are used to build business tiers aimed at dealing with and hiding all the complexity of the translation between the two paradigms. In spite of their key relevance to build business tiers, these solutions do not address two aspects: 1) reusability – they are not tailored to develop reusable business tiers components [3] and 2) security – they do not provide any access control mechanism to data residing inside relational database management systems (RDBMS). Next, a deeper analysis on both aspects is presented.