London 20 & 21st May 2010, Westminster Conference Centre
Architecting Access (Business Rules) in Development
Time-of-check-time-of-use errors are a common vulnerability pattern in Web applications. We present an architecture based on access control to mediate that vulnerability pattern. Access control is defined by business rules and then enforced by the Web application. Application owners (the business) specify business rules in a formalized language that is interpreted by the access control enforcement mechanism.