Object-Oriented Business Solutions

This report summarises the presentations, discussions, and main results of the ECOOP’01 Workshop on Object-Oriented Business Solutions (WOOBS). It was not a pure scientific meeting, but a mixed gathering where people from the industry and the academia met to exchange ideas, experiences and build a network of relationships with others committed to the emergence of object-oriented business solutions. WOOBS had an invited talk on quality of service, twelve presentations and lively discussions during and after them. The main conclusions were on the importance of Multi-Organisational Web-Based Systems in today’s e-commerce world, which justifies the study of a new multidisciplinary paradigm called Web-Oriented Programming

DS RBAC – Dynamic Sessions in Role Based Access Control

Abstract: Besides the well established access control models, Discretionary Access Control (DAC) and Mandatory Access Control (MAC), the policy neutral Role Based Access Control (RBAC) is gaining increasingly momentum. An important step towards a wide acceptance of RBAC has been achieved by the standardization of RBAC through the American National Standards Institute (ANSI) in 2004. While the concept of sessions specified in the ANSI RBAC standard allows for differentiated role selections according to tasks that have to be performed by users, it is very likely that more roles will be activated in a session than are effectively needed to perform the intended activity. Dynamic Sessions in RBAC (DS RBAC) is an extension to the existing RBAC ANSI standard that dynamically deactivates roles in a session if they are not exercised for a certain period of time. This allows for the selection of an outer-shell of possibly needed permissions at the initation of a session through a user, while adhering to the principle of least privilege by automatically reducing the effective permission space to those roles really exercised in the session. Analogous to the working set model known from virtual memory, only the minimal roles containing permissions recently exercised by the user are left in a session in the DS RBAC model. If the user tries to access a role that has aged out due to inactivity, a role fault occurs. A role fault can be resolved by the role fault handler that is responsible for re-activating the expired role. As will be presented in this paper, role re-activation may be subject to constraints that have to be fulfilled by the user in order to re-access the aged role

Teaching Software Engineering and Encouraging Entrepreneurship through E-Commerce

In this paper we report on a project carried out at the University of Linz, initially involving electronic marketing of a software product developed by a team of students. The aim of the project, in part, was to develop in the students an understanding of practical issues of electronic commerce and entrepreneurship. We report on this aspect and comment also on security issues raised concerning the use of electronic commerce in a small-scale marketing operation, using E-Commerce for improving teaching software engineering as well as (non-monetary) benefits a department can get from being actively involved in E-Commerce

Personalization of Web-Based Interfaces for Humans and Agents, Applied to E-Government Portals

An important part of E-Government is bringing administration closer to citizens. A way for this are webportals, where information and (increasingly in the future) online transactions are possible. To improve the utility of these portals, personalization can be used for presenting more tightly focused information