Model-Driven Software Development - Web Abstractions 2
Upcoming SlideShare
Loading in...5
×
 

Model-Driven Software Development - Web Abstractions 2

on

  • 1,485 views

Fourth lecture in course "Model-Driven Software Development" at Delft University of Technology

Fourth lecture in course "Model-Driven Software Development" at Delft University of Technology

Statistics

Views

Total Views
1,485
Views on SlideShare
1,422
Embed Views
63

Actions

Likes
1
Downloads
37
Comments
0

4 Embeds 63

http://localhost 24
http://eelcovisser.org 21
http://blog.eelcovisser.net 15
http://www.slideshare.net 3

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Model-Driven Software Development - Web Abstractions 2 Model-Driven Software Development - Web Abstractions 2 Presentation Transcript

  • Web Abstractions 1I access control policies, data validation, workflow, ajax, search Lecture 4 Course IN4308 Eelco Visser Master Computer Science http://eelcovisser.org Delft University of Technology Wednesday, March 10, 2010
  • Modeling Modeling IDEs Software Systems Modeling Transforming Web Programs Software Models Implementing Software Language Web Models Engineering Strategies Modeling Make your own Software Languages Software Languages Wednesday, March 10, 2010
  • Web Abstractions from a declarative point of view (we’ll investigate underlying mechanisms later) Wednesday, March 10, 2010
  • More Web Abstractions - Access control policies ★ constraints over objects ★ role-based AC, discretionary AC - Data validation ★ form validation ★ data integrity - Workflow - Search - AJAX: accessing page fragments (templates) Wednesday, March 10, 2010
  • Access Control Danny M. Groenewegen, Eelco Visser. Declarative Access Control for WebDSL: Combining Language Integration and Separation of Concerns. ICWE 2008: 175-188 Wednesday, March 10, 2010
  • Case 2: Access Control Policy for Conference Papers ★ has authors Authors ★ submit papers, read reviews Reviewers ★ write review for paper & discuss papers ★ are anonymous (for authors) Conflicts ★ author cannot be reviewer ★ reviewer not related to authors Wednesday, March 10, 2010
  • Access Control Mechanisms Wednesday, March 10, 2010
  • WebDSL Access Control Constraints over data model - boolean expression over properties of objects Rules restrict access to resources - page, template, action Infer restriction of navigation - don’t show link to inaccessible page or forbidden action Wednesday, March 10, 2010
  • Principal representation of principal turn on access control Wednesday, March 10, 2010
  • Access Control Rules ‘may access page f with argument x if boolean expression e is true’ Wednesday, March 10, 2010
  • Wiki Access Control Rules ‘anyone can view existing pages, only logged in users can create pages’ ‘only logged in users may edit pages’ Wednesday, March 10, 2010
  • Wiki Access Control Rules Wednesday, March 10, 2010
  • Wiki Access Control Rules Wednesday, March 10, 2010
  • Wiki Access Control Rules Wednesday, March 10, 2010
  • Wiki Access Control Rules Wednesday, March 10, 2010
  • Access Control Policies Wednesday, March 10, 2010
  • Access Control Policies Standard Policies - Mandatory access control - Discretionary access control - Role-based access control Mixing policies - Role-based + discretionary access control WebDSL - No restrictions on access control policies Wednesday, March 10, 2010
  • Encoding Access Control Policies Rules - Who may access which resources? - Who can apply which actions? Representation - How are permissions stored? Administration - How can permissions be changed? - Who can change permissions? Wednesday, March 10, 2010
  • Wiki: Data Model Wednesday, March 10, 2010
  • Wiki: User Interface Templates (abbreviated to navigation structure) Wednesday, March 10, 2010
  • Wiki: Generic Access Control Rules Wednesday, March 10, 2010
  • Mandatory Access Control Security Labels ★ Classification label protects object • Top Secret, Secret, Confidential, Unclassified ★ Clearance indicates access of subject Confidentiality rules ★ Read-down: clearance should be higher than or equal to classification document to read ★ Write-up: clearance is lower than or equal to classification of document to write Wednesday, March 10, 2010
  • MAC: representation Wednesday, March 10, 2010
  • MAC: predicates Wednesday, March 10, 2010
  • Discretionary Access Control Access control lists - objects have owner - owner grants, revokes users access to object Example: Unix file permissions - read, write, execute permissions for - owner, group, anyone Wednesday, March 10, 2010
  • DAC: representation Wednesday, March 10, 2010
  • DAC: predicates Wednesday, March 10, 2010
  • DAC: administration Wednesday, March 10, 2010
  • Role-Based Access Control Role: group of activities - authorization assigned to roles - users assigned to roles - robust to organizational changes Hierarchical roles - least privilege: use minimal permissions for task Separation of duties - critical actions require coordination Wednesday, March 10, 2010
  • RBAC: representation Wednesday, March 10, 2010
  • RBAC: predicates Wednesday, March 10, 2010
  • RBAC: administration Wednesday, March 10, 2010
  • Mixing Access Control Policies Real policies - Mix of DAC & RBAC - AC rules are constraints over object graph WebDSL - No policies built-in Wednesday, March 10, 2010
  • Case 2: Access Control Policy for Conference Papers ★ has authors Authors ★ submit papers, read reviews Reviewers ★ write review for paper & discuss papers ★ are anonymous (for authors) Conflicts ★ author cannot be reviewer ★ reviewer not related to authors Wednesday, March 10, 2010
  • Data Validation Danny M. Groenewegen, Eelco Visser. Integration of Data Validation and User Interface Concerns in a DSL for Web Applications. SLE 2010 Wednesday, March 10, 2010
  • Data Validation Check input & maintain data integrity Types of validation - Value well-formedness - Data invariants - Input assertions - Action assertions User interface integration - Display errors Wednesday, March 10, 2010
  • Validation Rules data validation form validation action assertions messages Wednesday, March 10, 2010
  • Value Well-Formedness Wednesday, March 10, 2010
  • Customizing Value Well-Formedness Rules Wednesday, March 10, 2010
  • Data Invariants Wednesday, March 10, 2010
  • Data Invariants Wednesday, March 10, 2010
  • Data Invariants Wednesday, March 10, 2010
  • Data Invariants Wednesday, March 10, 2010
  • Input Assertions Wednesday, March 10, 2010
  • Action Assertions Wednesday, March 10, 2010
  • Customizing Error Messages Wednesday, March 10, 2010
  • Workflow Zef Hemel, Ruben Verhaaf, Eelco Visser. WebWorkFlow: An Object-Oriented Workflow Modeling Language for Web Applications. MoDELS 2008: 113-127 Note: WebWorkFlow is not supported by current version of WebDSL Wednesday, March 10, 2010
  • Workflow Coordinating activities by participants WebWorkFlow - object-oriented workflow definition - integrate all aspects of workflow ★ data ★ user interface ★ access control ★ control-flow - abstractions on top of base WebDSL Wednesday, March 10, 2010
  • WebWorkFlow by Example: Progress Meeting Wednesday, March 10, 2010
  • Wednesday, March 10, 2010
  • workflow procedure workflow object procedure call process definition Wednesday, March 10, 2010
  • parallel enable next step iterate Wednesday, March 10, 2010
  • access control access control Wednesday, March 10, 2010
  • Wednesday, March 10, 2010
  • Wednesday, March 10, 2010
  • action Wednesday, March 10, 2010
  • no user interface Wednesday, March 10, 2010
  • condition Wednesday, March 10, 2010
  • Workflow Remarks Recursive workflows (see paper) Issue: user interface patterns for workflow Is workflow an anti-pattern? - is workflow good interaction design? - determine order of user actions - what are alternatives? Wednesday, March 10, 2010
  • Search Wednesday, March 10, 2010
  • search annotations search queries Wednesday, March 10, 2010
  • AJAX Michel Weststrate. Abstractions for Asynchronous User Interfaces in Web Applications.Master's thesis, Delft University of Technology, 2009. Wednesday, March 10, 2010
  • AJAX Deliver page fragments, not just full pages - Replace page elements by new fragments - Templates are unit of replacement Wednesday, March 10, 2010
  • placeholder default view Wednesday, March 10, 2010
  • replace Wednesday, March 10, 2010
  • Summary Access control policies ★ constraints over objects ★ encoding of standard policies (DAC, RBAC) Data validation ★ form validation & data integrity Workflow ★ coordinating activities of multiple participants Search based on data model annotations AJAX: accessing page fragments (templates) Wednesday, March 10, 2010
  • Schedule Lab this week ★ WebDSL application Cases ★ Case 2: web abstractions ★ Read: Declarative Access Control for WebDSL ★ Read: Integration of Data Validation and User Interface Concerns ★ Read: WebWorkFlow Next ★ Lecture 5: WebDSL implementation strategies ★ Lecture 6 & 7: modeling languages Wednesday, March 10, 2010