PEP4Django - A Policy Enforcement Point for Python Web Applications

DA SILVA, Carlos, MEDEIROS, Welkson and SAMPAIO, Silvio (2019). PEP4Django - A Policy Enforcement Point for Python Web Applications. In: IX Workshop de Gestão de Identidades Digitais (WGID), São Paulo, 03-04 Sep 2019.

197909.pdf - Published Version
All rights reserved.

Download (329kB) | Preview
Official URL:


Traditionally, access control mechanisms have been hard-coded into application components. Such approach is error-prone, mixing business logic with access control concerns, and affecting the flexibility of security policies, as is the case with IFRN SUAP Django-based system. The externalization of access control rules allows their decoupling from business logic, through the use of authorization servers where access control policies are stored and queried for computing access decisions. In this context, this paper presents an approach that allows a Django Web application to delegate access control decisions to an external authorization server. The approach has been integrated into an enterprise level system, which has been used for experimentation. The results obtained indicate a negligible overhead, while allowing the modification of access control policies without interrupting the system.

Item Type: Conference or Workshop Item (Paper)
Additional Information: Best paper award.
SWORD Depositor: Symplectic Elements
Depositing User: Symplectic Elements
Date Deposited: 30 Apr 2020 10:45
Last Modified: 18 Mar 2021 01:52

Actions (login required)

View Item View Item


Downloads per month over past year

View more statistics