Authorization in its most basic form can be reduced to a simple question: "a subject X may access a resource Y?" A subject is a process, which is the representative of a user or an active external agent in a system. A resource is anything worth protecting such as files or services. The attempt to implement an adequate response to the authorization question has produced many access control models and mechanisms. The development of the authorization mechanisms usually employs frameworks, as a way of reusing larger portions of software. The present authorization context has demanded for applications able to handle security policies of multiple access control models. Industry has resolved this problem in a pragmatic way, by mingling business and authorization concerns into the code. This dissertation thesis proposes an extensible and decoupled architectural model, which allows the separation of authorization from business concerns. The Esfinge Guardian framework is proposed, instantiated based on the architectural model and made available as an open source tool. An application is created as an experiment, in which some authorization scenarios have been implemented and the achieved modularity is evaluated. Additionally, a comparative analysis among academic and industry frameworks is realized. As a result, software developers using Esfinge Guardian should be able to write code respecting the software engineering principle of separation of concerns.
| Identifer | oai:union.ndltd.org:IBICT/oai:agregador.ibict.br.BDTD_ITA:oai:ita.br:2840 |
| Date | 06 December 2013 |
| Creators | Jefferson de Oliveira Silva |
| Contributors | Eduardo Martins Guerra, Clovis Torres Fernandes |
| Publisher | Instituto Tecnológico de Aeronáutica |
| Source Sets | IBICT Brazilian ETDs |
| Language | English |
| Detected Language | English |
| Type | info:eu-repo/semantics/publishedVersion, info:eu-repo/semantics/masterThesis |
| Format | application/pdf |
| Source | reponame:Biblioteca Digital de Teses e Dissertações do ITA, instname:Instituto Tecnológico de Aeronáutica, instacron:ITA |
| Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0025 seconds