3rd International ICST Workshop on Trusted Collaboration

Research Article

Supporting Agile Development of Authorization Rules for SME Applications

@INPROCEEDINGS{10.1007/978-3-642-03354-4_35,
    author={Steffen Bartsch and Karsten Sohr and Carsten Bormann},
    title={Supporting Agile Development of Authorization Rules for SME Applications},
    proceedings={3rd International ICST Workshop on Trusted Collaboration},
    proceedings_a={TRUSTCOL},
    year={2012},
    month={5},
    keywords={Authorization Policy Agile Security Engineering End-User Development DSL SME Applications},
    doi={10.1007/978-3-642-03354-4_35}
}

Steffen Bartsch, Karsten Sohr, Carsten Bormann. Year: 2012. Supporting Agile Development of Authorization Rules for SME Applications. TRUSTCOL. Springer. DOI: 10.1007/978-3-642-03354-4_35

Steffen Bartsch1,*, Karsten Sohr1,*, Carsten Bormann1,*
  • 1: Universität Bremen
*Contact email: sbartsch@tzi.org, sohr@tzi.org, cabo@tzi.org

Abstract

Custom SME applications for collaboration and workflow have become affordable when implemented as Web applications employing Agile methodologies. Security engineering is still difficult with Agile development, though: heavy-weight processes put the improvements of Agile development at risk. We propose Agile security engineering and increased end-user involvement to improve Agile development with respect to authorization policy development. To support the authorization policy development, we introduce a simple and readable authorization rules language implemented in a Ruby on Rails authorization plugin that is employed in a real-world SME collaboration and workflow application. Also, we report on early findings of the language’s use in authorization policy development with domain experts.