PEP4Django: A Policy Enforcement Point for Python Web Applications

Carlos Eduardo Da Silva, Welkson De Medeiros, Silvio Sampaio
2019 Anais do IX Workshop de Gestão de Identidades Digitais (WGID 2019)
Traditionally, access control mechanisms have been hard-coded into application components. Such an approach is error-prone: it mixes business logic with access control concerns and reduces the flexibility of security policies, as is the case with the IFRN SUAP Django-based system. Externalizing access control rules decouples them from business logic through the use of authorization servers, where access control policies are stored and queried to compute access decisions. In this context, this paper presents an approach that allows a Django Web application to delegate access control decisions to an external authorization server. The approach has been integrated into an enterprise-level system, which has been used for experimentation. The results obtained indicate a negligible overhead, while allowing access control policies to be modified without interrupting the system.
doi:10.5753/wgid.2019.14021