PEP4Django - A Policy Enforcement Point for Python Web Applications

DA SILVA, Carlos, MEDEIROS, Welkson and SAMPAIO, Silvio (2019). PEP4Django - A Policy Enforcement Point for Python Web Applications. In: IX Workshop de Gestão de Identidades Digitais (WGID), São Paulo, 03-04 Sep 2019.

197909.pdf - Published Version
All rights reserved.

Official URL: https://sbseg2019.ime.usp.br/anais/197909.pdf

Abstract

Traditionally, access control mechanisms have been hard-coded into application components. Such an approach is error-prone, mixing business logic with access control concerns and affecting the flexibility of security policies, as is the case with the IFRN SUAP Django-based system. The externalization of access control rules allows their decoupling from business logic, through the use of authorization servers where access control policies are stored and queried for computing access decisions. In this context, this paper presents an approach that allows a Django Web application to delegate access control decisions to an external authorization server. The approach has been integrated into an enterprise-level system, which has been used for experimentation. The results obtained indicate a negligible overhead, while allowing the modification of access control policies without interrupting the system.

Item Type: Conference or Workshop Item (Paper)
Additional Information: Best paper award.
SWORD Depositor: Symplectic Elements
Depositing User: Symplectic Elements
Date Deposited: 30 Apr 2020 10:45
Last Modified: 18 Mar 2021 01:52
URI: https://shura.shu.ac.uk/id/eprint/26191
