"Architectural Patterns for Enabling Application Security"
Object-Oriented Programming, Systems, Languages and Applications

 : Tuesday Afternoon Tutorials (1:30 - 17:00) : Architecture and the Enterprise : Tuesday

Architectural Patterns for Enabling Application Security

Meeting Room 7
Tuesday, 13:30, half day


Joseph Yoder, The Refactory, Inc.: Joseph W. Yoder from The Refactory, Inc., has worked on the architecture, design and implementation of software projects dating back to 1985. These projects range from stand-alone to client-server applications, multi-tiered, databases, object-oriented, frameworks, human-computer interaction, collaborative environments, web-based, and domain-specific visual languages. Joe is the author of over two dozen published patterns and has been working with patterns for a long time, writing his first pattern paper in 1995. Recently, Joseph's focus has been on how to build dynamic and adaptable systems, and he has been providing analysis, design, and mentoring along with writing papers to reflect these experiences.

Tutorial number: 43

Systems are often developed without security in mind. This omission is primarily because the application programmer is focusing more on learning the domain than on how to protect the system. In these cases, security is usually the last thing he or she needs or wants to worry about. When the time arrives to deploy these systems, it quickly becomes apparent that adding security is much harder than just adding a password-protected login screen.

This tutorial will present a collection of patterns to be used when dealing with application security. Secure Access Layer provides an interface for applications to use the security of the systems on which they are built. Single Access Point limits entry into the application through one single point. Check Point gives the developer a way to handle an unknown or changing security policy. Groups of users have different Roles that define what they can and cannot do. The global information about the user is distributed throughout the application with a Session. Finally, users are presented with either a Limited View of legal options or are given a Full View With Errors. These patterns work to provide a security framework for building applications.

Intermediate: A good knowledge of object concepts and frameworks is required. A general understanding of the GOF patterns and security principles is also useful.