WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Authorization in workflows

From: Juan C Calderon <johnccr () yahoo com>
Date: Tue, 11 Apr 2006 11:05:45 -0500 (CDT)
Hello all

I'm making some research on authorization. I'm
describing RBAC to secure Web application, however,
sometimes web application have more granurar and
especial requierements. For example, in a Workflow,
authorization to perform an action is not only
dependant of user permissions but of worflow item
state (you cannot allow aproval on an item if it is
not complete even if the user is an approver).

So... my question is, do you know about a tool to
describe this in a document, something like a well
defined "workflow tree methodology" or similar.

Thank in advance,
Juan Carlos

__________________________________________________
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡gratis! 
Regístrate ya - http://correo.espanol.yahoo.com/ 

-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: