Research Article
Supporting Agile Development of Authorization Rules for SME Applications
@INPROCEEDINGS{10.1007/978-3-642-03354-4_35,
  author={Steffen Bartsch and Karsten Sohr and Carsten Bormann},
  title={Supporting Agile Development of Authorization Rules for SME Applications},
  proceedings={3rd International ICST Workshop on Trusted Collaboration},
  proceedings_a={TRUSTCOL},
  year={2012},
  month={5},
  keywords={Authorization Policy Agile Security Engineering End-User Development DSL SME Applications},
  doi={10.1007/978-3-642-03354-4_35}
}
- Steffen Bartsch
- Karsten Sohr
- Carsten Bormann
Year: 2012
TRUSTCOL
Springer
DOI: 10.1007/978-3-642-03354-4_35
Abstract
Custom SME applications for collaboration and workflow have become affordable when implemented as Web applications employing Agile methodologies. Security engineering is still difficult with Agile development, though: heavy-weight processes put the improvements of Agile development at risk. We propose Agile security engineering and increased end-user involvement to improve Agile development with respect to authorization policy development. To support the authorization policy development, we introduce a simple and readable authorization rules language implemented in a Ruby on Rails authorization plugin that is employed in a real-world SME collaboration and workflow application. Also, we report on early findings of the language’s use in authorization policy development with domain experts.