TU Darmstadt / ULB / TUbiblio

Supporting Agile Development of Authorization Rules for SME Applications

Bartsch, Steffen and Sohr, Karsten and Bormann, Carsten (2009):
Supporting Agile Development of Authorization Rules for SME Applications.
In: TrustCol: 3rd International Workshop on Trusted Collaboration, Springer, Orlando, FL, USA, DOI: 10.1007/978-3-642-03354-4_35,
[Conference or Workshop Item]

Abstract

Custom SME applications for collaboration and workflow have become affordable when implemented as Web applications employing Agile methodologies. Security engineering is still difficult with Agile development, though: heavy-weight processes put the improvements of Agile development at risk. We propose Agile security engineering and increased end-user involvement to improve Agile development with respect to authorization policy development. To support the authorization policy development, we introduce a simple and readable authorization rules language implemented in a Ruby on Rails authorization plugin that is employed in a real-world SME collaboration and workflow application. Also, we report on early findings of the language’s use in authorization policy development with domain experts.

Item Type: Conference or Workshop Item
Erschienen: 2009
Creators: Bartsch, Steffen and Sohr, Karsten and Bormann, Carsten
Title: Supporting Agile Development of Authorization Rules for SME Applications
Language: English
Abstract:

Custom SME applications for collaboration and workflow have become affordable when implemented as Web applications employing Agile methodologies. Security engineering is still difficult with Agile development, though: heavy-weight processes put the improvements of Agile development at risk. We propose Agile security engineering and increased end-user involvement to improve Agile development with respect to authorization policy development. To support the authorization policy development, we introduce a simple and readable authorization rules language implemented in a Ruby on Rails authorization plugin that is employed in a real-world SME collaboration and workflow application. Also, we report on early findings of the language’s use in authorization policy development with domain experts.

Title of Book: TrustCol: 3rd International Workshop on Trusted Collaboration
Publisher: Springer
Uncontrolled Keywords: Secure Data
Divisions: 20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > SECUSO - Security, Usability and Society
LOEWE > LOEWE-Zentren
20 Department of Computer Science
LOEWE
Event Location: Orlando, FL, USA
Date Deposited: 28 Jul 2016 18:35
DOI: 10.1007/978-3-642-03354-4_35
Identification Number: Bartsch08a
Export:

Optionen (nur für Redakteure)

View Item View Item