Tine Verhanneman
Katholieke Universiteit Leuven
Belgium
Frank Piessens
Katholieke Universiteit Leuven
Belgium
Bart De Win
Katholieke Universiteit Leuven
Belgium
Wouter Joosen
Katholieke Universiteit Leuven
Belgium
Enforcing fine-grained and expressive access control policies on application resources can only be done in application-level code. Because the burden of translating high-level policy rules into deployment descriptors, configuration files or code is placed entirely on the application deployer, it is hard to enforce such a policy uniformly across the different applications deployed within the organization.
To address this problem, the concept of an access interface is introduced as a contract between an organization-wide authorization engine and the various applications that need its services. A view connector ensures that each application complies with this contract. This approach naturally supports the separation-of-concerns principle and, as a consequence, uniform enforcement of an organization-wide policy.
Keywords: access control, separation of concerns, aspect-oriented software development