Implementing a modular access control service to support application-specific policies in CaesarJ
AOMD '05 Proceedings of the 1st workshop on Aspect oriented middleware development
Infrastructural Support for Enforcing and Managing Distributed Application-Level Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
A comparison of two approaches for achieving flexible and adaptive security middleware
Proceedings of the 2008 workshop on Middleware security
Security Monitor Inlining for Multithreaded Java
Genoa Proceedings of the 23rd European Conference on ECOOP 2009 --- Object-Oriented Programming
COORDINATION'08 Proceedings of the 10th international conference on Coordination models and languages
Enforcing UCON policies on the enterprise service bus
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems: Part II
Enhancing optimistic access controls with usage control
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Hi-index | 0.00 |
Fine-grained and expressive access control policies on application resources need to be enforced in applicationlevel code. Uniformly enforcing a single policy (referred to as the organizationwide policy) in diverse applications is challenging with current technologies. This is due to a poor delimitation of the responsibilities of application deployer and security officer, which hampers a centralized management of a policy and therefore compromises the uniformity of its enforcement. To address this problem, the concept of an access interface is introduced as a contract between an organizationwide authorization engine and the various applications that need its services. The access interface provides support for the central management of the policy by the security officer. By means of a view connector, the application deployer ensures that each application complies with this contract, so that the policy can be enforced.