SCS Undergraduate Thesis Topics
|Lulwa Ahmed El-Matbouly||Thierry Sans, Ph.D. and Soha Hussein, Ph.D.||An Authorization Model For The Web Programming Language Qwel|
With the fast growth of web technology, it is becoming easier for developers to design and deploy complex web applications. However, securing such web applications is becoming an increasing complex task as current technology provides limited support. Developers are required to reason about distributed computation and to write code using heterogeneous languages, often not originally designed with distributed computing in mind nor built-in security features.
Qwel is an experimental type-safe functional programming language for the web that has dedicated primitives for publishing and invoking web services. In this paper, we propose to extend Qwel with a decentralized authorization model allowing service providers to secure the web applications written in Qwel. This extension will provide web developers with built-in primitives to issue credentials to users and to express access control policies. Therefore, when a protected web service is deployed, the security policy will be evaluated dynamically according to the credentials supplied by the user invoking this web service. As a result, we show how these new language features can be used to implement common scenarios as well as more sophisticated ones.