Bartsch, Steffen ; Sohr, Karsten ; Bormann, Carsten (2009)
Supporting Agile Development of Authorization Rules for SME Applications.
Orlando, FL, USA
doi: 10.1007/978-3-642-03354-4_35
Conference or Workshop Item, Bibliography
Abstract
Custom SME applications for collaboration and workflow have become affordable when implemented as Web applications employing Agile methodologies. Security engineering is still difficult with Agile development, though: heavy-weight processes put the improvements of Agile development at risk. We propose Agile security engineering and increased end-user involvement to improve Agile development with respect to authorization policy development. To support the authorization policy development, we introduce a simple and readable authorization rules language implemented in a Ruby on Rails authorization plugin that is employed in a real-world SME collaboration and workflow application. Also, we report on early findings of the language’s use in authorization policy development with domain experts.
Item Type: | Conference or Workshop Item |
---|---|
Published: | 2009 |
Creators: | Bartsch, Steffen ; Sohr, Karsten ; Bormann, Carsten |
Type of entry: | Bibliography |
Title: | Supporting Agile Development of Authorization Rules for SME Applications |
Language: | English |
Date: | 2009 |
Publisher: | Springer |
Book Title: | TrustCol: 3rd International Workshop on Trusted Collaboration |
Event Location: | Orlando, FL, USA |
DOI: | 10.1007/978-3-642-03354-4_35 |
Uncontrolled Keywords: | Secure Data |
Divisions: | 20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra; LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt; 20 Department of Computer Science > SECUSO - Security, Usability and Society; LOEWE > LOEWE-Zentren; 20 Department of Computer Science; LOEWE |
Date Deposited: | 28 Jul 2016 18:35 |
Last Modified: | 17 May 2018 13:02 |