Supporting Agile Development of Authorization Rules for SME Applications

Bartsch, Steffen ; Sohr, Karsten ; Bormann, Carsten (2009)
Supporting Agile Development of Authorization Rules for SME Applications.
Orlando, FL, USA
doi: 10.1007/978-3-642-03354-4_35
Conference publication, Bibliography

Abstract

Custom SME applications for collaboration and workflow have become affordable when implemented as Web applications employing Agile methodologies. Security engineering is still difficult with Agile development, though: heavy-weight processes put the improvements of Agile development at risk. We propose Agile security engineering and increased end-user involvement to improve Agile development with respect to authorization policy development. To support the authorization policy development, we introduce a simple and readable authorization rules language implemented in a Ruby on Rails authorization plugin that is employed in a real-world SME collaboration and workflow application. Also, we report on early findings of the language’s use in authorization policy development with domain experts.

Item type: Conference publication
Published: 2009
Author(s): Bartsch, Steffen ; Sohr, Karsten ; Bormann, Carsten
Type of entry: Bibliography
Title: Supporting Agile Development of Authorization Rules for SME Applications
Language: English
Year of publication: 2009
Publisher: Springer
Book title: TrustCol: 3rd International Workshop on Trusted Collaboration
Event location: Orlando, FL, USA
DOI: 10.1007/978-3-642-03354-4_35
Uncontrolled keywords: Secure Data
Department(s)/Field(s): 20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
LOEWE > LOEWE Centers > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > SECUSO - Security, Usability and Society
LOEWE > LOEWE Centers
20 Department of Computer Science
LOEWE
Date deposited: 28 Jul 2016 18:35
Last modified: 17 May 2018 13:02