Journal "Software Engineering" (Programmnaya Ingeneria) | Using Relation-Based Access Control Model within Django-Based Web Application

Main

New Issue

Archive

Most cited articles

Editor in chief

Editorial board

For the authors

Publishing ethic

Peer reviewing

Publishing House

Old site

Russian

Issue N5 2018 year

DOI: 10.17587/prin.9.195-208

Using Relation-Based Access Control Model within Django-Based Web Application

V. A. Vasenin, e-mail: vasenin@msu.ru, Faculty of Mechanics and Mathematics, Lomonosov Moscow State University, Moscow, 119991, Russian Federation, A. A. Itkes, e-mail: itkes@imec.msu.ru, Scientific Research Institute of Mechanics, Lomonosov Moscow State University, Moscow, 119192, Russian Federation

Corresponding author: Vasenin Valery A., Professor, Moscow State University, Moscow, 119191, Russian Federation, E-mail: vasenin@msu.ru

Received on February 26, 2018

Accepted on March 14, 2018

This article examines the approaches to implementation of relation-based access control model within Web applications based on the Django framework. It introduces the mechanisms of describing the access control models within the code of such systems providing ability to analyze the access control rules statically. At the same time the proposed access control implementation mechanism provides an easy way to maintain the access control model without need of writing access control rules on other languages but Python, which the Django library is written on. Also this article describes some ways of building automated tests for the relation-based access control mechanism.

Keywords: access control, information security, relation-based access control model, web applications

pp. 195–208

For citation:
Vasenin V. A., Itkes A. A. Using Relation-Based Access Control Model within Django-Based Web Applications, Programmnaya Ingeneria, 2018, vol. 9, no. 5, pp. 195—208.