Supporting Customized Views for Enforcing Access Control Constraints in Real-Time Collaborative Web Applications

  • Patrick Gaubatz
  • Waldemar Hummer
  • Uwe Zdun
  • Mark Strembeck
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7977)


Real-time collaborative Web applications allow multiple users to concurrently work on a shared document. In addition to popular use cases, such as collaborative text editing, they can also be used for form-based business applications that often require forms to be filled out by different stakeholders. In this context, different users typically need to fill in different parts of a form. Role-based access control and entailment constraints provide means for defining such restrictions. Major challenges in the context of integrating collaborative Web applications with access control restrictions are how to support changes of the configuration of access constrained UI elements at runtime, realizing acceptable performance and update behaviour, and an easy integration with existing Web applications. In this paper, we address these challenges through a novel approach supporting constrained and customized UI views that support runtime changes and integrate well with existing Web applications. Using a prototypical implementation, we show that the approach provides acceptable update behaviour and requires only a small performance overhead for the access control tasks with linear scalability.


Keywords: Access Control; Access Control Policy; Customizable Property; Concurrent Request; View Updater
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Patrick Gaubatz (1)
  • Waldemar Hummer (2)
  • Uwe Zdun (1)
  • Mark Strembeck (3)

  1. Faculty of Computer Science, University of Vienna, Austria
  2. Distributed Systems Group, Vienna University of Technology, Austria
  3. Institute for Information Systems, WU, Vienna, Austria
