This paper describes a novel programming method for inserting a modular access control mechanism. It seems to be an attractive approach to reducing or eliminating traditional hardcoding of application access control logic. A new programming language construct called family polymorphism is highlighted as it is implemented in CaesarJ, a Java variant of an aspect-oriented programming (AOP) language. This paper will be interesting to programming language designers, Java and aspect-oriented programmers, and communities dealing with approaches for inserting and supporting various policy, security, and control languages.
One of the challenges facing architects of scalable information systems involves devising mechanisms for controlling access and routing information correctly. There are numerous traditional approaches available that require nonseamless interfaces with the programming language model (imperative access control). This paper proposes a novel approach that reduces these application-specific tangled seams by applying a modular access control service. Through novel use of CaesarJ, the authors show how access control can be developed without requiring invasive changes to application code, while also supporting a reusable authorization engine. The approach described shows how their use of the language supports a fine-grained service interception model for critical operations, which then invoke the desired policy enforcement technology.
Since AOP is still an emerging paradigm, any information on new languages such as CaesarJ is a welcome contribution to the computing field. The authors have provided a simple example that effectively shows how their approach improves alternatives. Their approach also highlights how family polymorphism provides the desired integration points to accomplish the nonintrusive insertion of application-specific semantic processing.