Collaborative Computing: Networking, Applications and Worksharing

Volume 10 of the series Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, pp 461-471

Supporting Agile Development of Authorization Rules for SME Applications

  • Steffen Bartsch (affiliated with Technologie-Zentrum Informatik TZI, Universität Bremen)
  • Karsten Sohr (affiliated with Technologie-Zentrum Informatik TZI, Universität Bremen)
  • Carsten Bormann (affiliated with Technologie-Zentrum Informatik TZI, Universität Bremen)

Abstract

Custom SME applications for collaboration and workflow have become affordable when implemented as Web applications employing Agile methodologies. Security engineering is still difficult with Agile development, though: heavy-weight processes put the improvements of Agile development at risk. We propose Agile security engineering and increased end-user involvement to improve Agile development with respect to authorization policy development. To support the authorization policy development, we introduce a simple and readable authorization rules language implemented in a Ruby on Rails authorization plugin that is employed in a real-world SME collaboration and workflow application. Also, we report on early findings of the language’s use in authorization policy development with domain experts.

Keywords

Authorization Policy, Agile Security Engineering, End-User Development, DSL, SME Applications