Supporting Agile Development of Authorization Rules for SME Applications
نویسندگان
چکیده
Custom SME applications for collaboration and workflow have become affordable when implemented as Web applications employing Agile methodologies. Security engineering is still difficult with Agile development, though: heavy-weight processes put the improvements of Agile development at risk. We propose Agile security engineering and increased end-user involvement to improve Agile development with respect to authorization policy development. To support the authorization policy development, we introduce a simple and readable authorization rules language implemented in a Ruby on Rails authorization plugin that is employed in a real-world SME collaboration and workflow application. Also, we report on early findings of the language’s use in authorization policy development with domain experts.
منابع مشابه
Agile Development of a Custom-Made Vocabulary Mobile Application: A Critical Qualitative Approach
There have been some observed studies and developed applications (apps), with a concentration on Mobile Assisted Language Learning (MALL), and no consideration of communicative needs of the learners; besides, these studies focused on either the theoretical aspects or the utilization of the available apps in the market (Burston & Athanasiou, 2020). Hence, Vocabulary Guru (VG), a custom-made mobi...
متن کاملA Case Study of SME Web Application Development Effectiveness via Agile Methods
The development of Web applications is an important focus of the modern information enabled organization – whether the Web application development is in-house, outsourced, or purchased as ‘commercial-off-the-shelf’ (COTS) software. Traditionally Web application development has been delivered via the dominant waterfall system. The waterfall system relies upon well-defined governance structures, ...
متن کاملEnhancing Tool Support for Situational Engineering of Agile Methodologies in Eclipse
In recent years, with the growth of software engineering, agile software development methodologies have also grown substantially, replacing plandriven approaches in many areas. Although prominent agile methodologies are in wide use today, there is no method which is suitable for all situations. It has therefore become essential to apply Situational Method Engineering (SME) approaches to produce...
متن کاملSecuring the Software Defined Network Control Layer
Software-defined networks (SDNs) pose both an opportunity and challenge to the network security community. The opportunity lies in the ability of SDN applications to express intelligent and agile threat mitigation logic against hostile flows, without the need for specialized inline hardware. However, the SDN community lacks a secure control-layer to manage the interactions between the applicati...
متن کاملSecurity System for Distributed Business Applications
Internet-focused application components of cooperating enterprises need comprehensive security technologies that go far beyond simple Internet authentication and authorization mechanisms. Basically, authentication is the process of determining the identity of a user or system, whereas authorization is the process of specifying who is allowed to access which resources. XML-based Web services is ...
متن کامل