Title :
A model-driven approach for the visual specification of Role-Based Access Control policies in web systems
Author :
Díaz, Paloma ; Aedo, Ignacio ; Sanz, Daniel ; Malizia, Alessio
Author_Institution :
Lab. DEI., Univ. Carlos III de Madrid, Madrid
Abstract :
Specifying the access policy of a Web system is a relevant design concern that is often dismissed or postponed until the implementation. ADM-RBAC (Ariadne development method with role-based access control) is a model-driven approach for Web systems that supports the specification of access control policies in an integrated way and at two abstraction levels. At the conceptual level a number of visual models specify the access policy in a way that is similar to the users' point of view. At the detailed level, models are oriented towards providing enough details to generate prototypes in an automatic or semiautomatic way. In this paper we describe the visual models of ADM-RBAC and their empirical evaluation.
Keywords :
Internet; authorisation; formal specification; Ariadne development method; Web system; access policy; role-based access control; visual model; visual specification; Access control; DSL; Domain specific languages; Laboratories; Metamodeling; Navigation; Permission; Prototypes; Security; Web design;
Conference_Title :
Visual Languages and Human-Centric Computing, 2008. VL/HCC 2008. IEEE Symposium on
Conference_Location :
Herrsching am Ammersee
Print_ISBN :
978-1-4244-2528-0
Electronic_ISBN :
1943-6092
DOI :
10.1109/VLHCC.2008.4639087