Model-Driven Software Development - Web Abstractions 2

1,315 views

Published on

Fourth lecture in course "Model-Driven Software Development" at Delft University of Technology

Published in: Education, Business, Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,315
On SlideShare
0
From Embeds
0
Number of Embeds
65
Actions
Shares
0
Downloads
46
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Model-Driven Software Development - Web Abstractions 2

  1. 1. Web Abstractions 1I access control policies, data validation, workflow, ajax, search Lecture 4 Course IN4308 Eelco Visser Master Computer Science http://eelcovisser.org Delft University of Technology Wednesday, March 10, 2010
  2. 2. Modeling Modeling IDEs Software Systems Modeling Transforming Web Programs Software Models Implementing Software Language Web Models Engineering Strategies Modeling Make your own Software Languages Software Languages Wednesday, March 10, 2010
  3. 3. Web Abstractions from a declarative point of view (we’ll investigate underlying mechanisms later) Wednesday, March 10, 2010
  4. 4. More Web Abstractions - Access control policies ★ constraints over objects ★ role-based AC, discretionary AC - Data validation ★ form validation ★ data integrity - Workflow - Search - AJAX: accessing page fragments (templates) Wednesday, March 10, 2010
  5. 5. Access Control Danny M. Groenewegen, Eelco Visser. Declarative Access Control for WebDSL: Combining Language Integration and Separation of Concerns. ICWE 2008: 175-188 Wednesday, March 10, 2010
  6. 6. Case 2: Access Control Policy for Conference Papers ★ has authors Authors ★ submit papers, read reviews Reviewers ★ write review for paper & discuss papers ★ are anonymous (for authors) Conflicts ★ author cannot be reviewer ★ reviewer not related to authors Wednesday, March 10, 2010
  7. 7. Access Control Mechanisms Wednesday, March 10, 2010
  8. 8. WebDSL Access Control Constraints over data model - boolean expression over properties of objects Rules restrict access to resources - page, template, action Infer restriction of navigation - don’t show link to inaccessible page or forbidden action Wednesday, March 10, 2010
  9. 9. Principal representation of principal turn on access control Wednesday, March 10, 2010
  10. 10. Access Control Rules ‘may access page f with argument x if boolean expression e is true’ Wednesday, March 10, 2010
  11. 11. Wiki Access Control Rules ‘anyone can view existing pages, only logged in users can create pages’ ‘only logged in users may edit pages’ Wednesday, March 10, 2010
  12. 12. Wiki Access Control Rules Wednesday, March 10, 2010
  13. 13. Wiki Access Control Rules Wednesday, March 10, 2010
  14. 14. Wiki Access Control Rules Wednesday, March 10, 2010
  15. 15. Wiki Access Control Rules Wednesday, March 10, 2010
  16. 16. Access Control Policies Wednesday, March 10, 2010
  17. 17. Access Control Policies Standard Policies - Mandatory access control - Discretionary access control - Role-based access control Mixing policies - Role-based + discretionary access control WebDSL - No restrictions on access control policies Wednesday, March 10, 2010
  18. 18. Encoding Access Control Policies Rules - Who may access which resources? - Who can apply which actions? Representation - How are permissions stored? Administration - How can permissions be changed? - Who can change permissions? Wednesday, March 10, 2010
  19. 19. Wiki: Data Model Wednesday, March 10, 2010
  20. 20. Wiki: User Interface Templates (abbreviated to navigation structure) Wednesday, March 10, 2010
  21. 21. Wiki: Generic Access Control Rules Wednesday, March 10, 2010
  22. 22. Mandatory Access Control Security Labels ★ Classification label protects object • Top Secret, Secret, Confidential, Unclassified ★ Clearance indicates access of subject Confidentiality rules ★ Read-down: clearance should be higher than or equal to classification document to read ★ Write-up: clearance is lower than or equal to classification of document to write Wednesday, March 10, 2010
  23. 23. MAC: representation Wednesday, March 10, 2010
  24. 24. MAC: predicates Wednesday, March 10, 2010
  25. 25. Discretionary Access Control Access control lists - objects have owner - owner grants, revokes users access to object Example: Unix file permissions - read, write, execute permissions for - owner, group, anyone Wednesday, March 10, 2010
  26. 26. DAC: representation Wednesday, March 10, 2010
  27. 27. DAC: predicates Wednesday, March 10, 2010
  28. 28. DAC: administration Wednesday, March 10, 2010
  29. 29. Role-Based Access Control Role: group of activities - authorization assigned to roles - users assigned to roles - robust to organizational changes Hierarchical roles - least privilege: use minimal permissions for task Separation of duties - critical actions require coordination Wednesday, March 10, 2010
  30. 30. RBAC: representation Wednesday, March 10, 2010
  31. 31. RBAC: predicates Wednesday, March 10, 2010
  32. 32. RBAC: administration Wednesday, March 10, 2010
  33. 33. Mixing Access Control Policies Real policies - Mix of DAC & RBAC - AC rules are constraints over object graph WebDSL - No policies built-in Wednesday, March 10, 2010
  34. 34. Case 2: Access Control Policy for Conference Papers ★ has authors Authors ★ submit papers, read reviews Reviewers ★ write review for paper & discuss papers ★ are anonymous (for authors) Conflicts ★ author cannot be reviewer ★ reviewer not related to authors Wednesday, March 10, 2010
  35. 35. Data Validation Danny M. Groenewegen, Eelco Visser. Integration of Data Validation and User Interface Concerns in a DSL for Web Applications. SLE 2010 Wednesday, March 10, 2010
  36. 36. Data Validation Check input & maintain data integrity Types of validation - Value well-formedness - Data invariants - Input assertions - Action assertions User interface integration - Display errors Wednesday, March 10, 2010
  37. 37. Validation Rules data validation form validation action assertions messages Wednesday, March 10, 2010
  38. 38. Value Well-Formedness Wednesday, March 10, 2010
  39. 39. Customizing Value Well-Formedness Rules Wednesday, March 10, 2010
  40. 40. Data Invariants Wednesday, March 10, 2010
  41. 41. Data Invariants Wednesday, March 10, 2010
  42. 42. Data Invariants Wednesday, March 10, 2010
  43. 43. Data Invariants Wednesday, March 10, 2010
  44. 44. Input Assertions Wednesday, March 10, 2010
  45. 45. Action Assertions Wednesday, March 10, 2010
  46. 46. Customizing Error Messages Wednesday, March 10, 2010
  47. 47. Workflow Zef Hemel, Ruben Verhaaf, Eelco Visser. WebWorkFlow: An Object-Oriented Workflow Modeling Language for Web Applications. MoDELS 2008: 113-127 Note: WebWorkFlow is not supported by current version of WebDSL Wednesday, March 10, 2010
  48. 48. Workflow Coordinating activities by participants WebWorkFlow - object-oriented workflow definition - integrate all aspects of workflow ★ data ★ user interface ★ access control ★ control-flow - abstractions on top of base WebDSL Wednesday, March 10, 2010
  49. 49. WebWorkFlow by Example: Progress Meeting Wednesday, March 10, 2010
  50. 50. Wednesday, March 10, 2010
  51. 51. workflow procedure workflow object procedure call process definition Wednesday, March 10, 2010
  52. 52. parallel enable next step iterate Wednesday, March 10, 2010
  53. 53. access control access control Wednesday, March 10, 2010
  54. 54. Wednesday, March 10, 2010
  55. 55. Wednesday, March 10, 2010
  56. 56. action Wednesday, March 10, 2010
  57. 57. no user interface Wednesday, March 10, 2010
  58. 58. condition Wednesday, March 10, 2010
  59. 59. Workflow Remarks Recursive workflows (see paper) Issue: user interface patterns for workflow Is workflow an anti-pattern? - is workflow good interaction design? - determine order of user actions - what are alternatives? Wednesday, March 10, 2010
  60. 60. Search Wednesday, March 10, 2010
  61. 61. search annotations search queries Wednesday, March 10, 2010
  62. 62. AJAX Michel Weststrate. Abstractions for Asynchronous User Interfaces in Web Applications.Master's thesis, Delft University of Technology, 2009. Wednesday, March 10, 2010
  63. 63. AJAX Deliver page fragments, not just full pages - Replace page elements by new fragments - Templates are unit of replacement Wednesday, March 10, 2010
  64. 64. placeholder default view Wednesday, March 10, 2010
  65. 65. replace Wednesday, March 10, 2010
  66. 66. Summary Access control policies ★ constraints over objects ★ encoding of standard policies (DAC, RBAC) Data validation ★ form validation & data integrity Workflow ★ coordinating activities of multiple participants Search based on data model annotations AJAX: accessing page fragments (templates) Wednesday, March 10, 2010
  67. 67. Schedule Lab this week ★ WebDSL application Cases ★ Case 2: web abstractions ★ Read: Declarative Access Control for WebDSL ★ Read: Integration of Data Validation and User Interface Concerns ★ Read: WebWorkFlow Next ★ Lecture 5: WebDSL implementation strategies ★ Lecture 6 & 7: modeling languages Wednesday, March 10, 2010

×