GAMMA - A platform independent framework for reusable authentication, authorization, and auditing components

Security is nowadays recognized as an absolute need in software development. Although thoroughly researched concepts for access control exist that have been proven in mainframe computing, we still lack of adequate mechanisms that can be used in today’s development of modern software architectures. However, currently we face the situation that security mechanisms have often been added to existing software causing many of the well-known deficiencies found in software products. One reason may be the lack of appropriate reusable components that support application developers. Another reason might be that applications have diverse security requirements that cannot be handled adequately. Thus, security is often addressed and implemented directly into the code, reducing reusability, maintainability, and flexibility aspects. However, with rise of component-based software development security models needs to be made available for reuse, encapsulating the security logic from the business logic. This thesis presents GAMMA, a platform and architecture neutral framework, that offers reusable authentication, authorization, and auditing mechanisms by providing declarative security mechanisms. Declarative security allows the decoupling of security logic completely from the application logic, allowing to write highly flexible, reusable but still security aware software components and applications. Furthermore, this concept is proven by presenting a reference implementation of this framework which offers several ready-to-use but still extensible authentication, authorization, and auditing mechanisms that can be transparently integrated into applications.