After Brazil’s General Data Protection Law: Authorization in Decentralized Web Applications
Decentralized web applications do not offer fine-grained access controls to users’ data, which potentially creates openings for data breaches. For software companies that need to comply with Brazil’s General Data Protection Law (LGPD), data breaches not only might harm application users but also cou...
Uloženo v:
| Hlavní autoři: | , , |
|---|---|
| Médium: | Artigos Científicos |
| Jazyk: | Inglês |
| Vydáno: |
2024
|
| Témata: | |
| On-line přístup: | https://bibliotecadigital.acervo.nic.br/handle/123456789/2217 https://doi.org/10.1145/3308560.3316461 |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
Přidat tag | _version_ | 1821241515850072064 |
|---|---|
| author | Silva, Jefferson O. Calegari, Newton Gomes, Eduardo S. |
| author_facet | Silva, Jefferson O. Calegari, Newton Gomes, Eduardo S. |
| author_sort | Silva, Jefferson O. |
| collection | DSpace |
| description | Decentralized web applications do not offer fine-grained access
controls to users’ data, which potentially creates openings for data
breaches. For software companies that need to comply with Brazil’s General Data Protection Law (LGPD), data breaches not only might harm application users but also could expose the companies to hefty fines. In this context, engineering fine-grained authorization controls (that comply with the LGPD) to decentralized web application requires creating audit trails, possibly in the source code.
Although the literature offers some solutions, they are scattered.
We present Esfinge Guardian, an authorization framework that
completely separates authorization from other concerns, which
increases compliance with the LGPD. We conclude the work with a
brief discussion. |
| format | Artigos Científicos |
| id | oai:null:123456789-2217 |
| institution | BibliotecaDigital |
| language | Inglês |
| publishDate | 2024 |
| record_format | dspace |
| spelling | oai:null:123456789-22172024-06-05T13:24:21Z After Brazil’s General Data Protection Law: Authorization in Decentralized Web Applications Silva, Jefferson O. Calegari, Newton Gomes, Eduardo S. Engenharia de software Lei Geral de Proteção de Dados (LGPD) Decentralized web applications do not offer fine-grained access controls to users’ data, which potentially creates openings for data breaches. For software companies that need to comply with Brazil’s General Data Protection Law (LGPD), data breaches not only might harm application users but also could expose the companies to hefty fines. In this context, engineering fine-grained authorization controls (that comply with the LGPD) to decentralized web application requires creating audit trails, possibly in the source code. Although the literature offers some solutions, they are scattered. We present Esfinge Guardian, an authorization framework that completely separates authorization from other concerns, which increases compliance with the LGPD. We conclude the work with a brief discussion. 2024-05-16T14:53:41Z 2024-05-16T14:53:41Z 2019-05-13 Artigos Científicos https://bibliotecadigital.acervo.nic.br/handle/123456789/2217 https://doi.org/10.1145/3308560.3316461 Inglês CC BY 2019 819-822 May application/pdf |
| spellingShingle | Engenharia de software Lei Geral de Proteção de Dados (LGPD) Silva, Jefferson O. Calegari, Newton Gomes, Eduardo S. After Brazil’s General Data Protection Law: Authorization in Decentralized Web Applications |
| title | After Brazil’s General Data Protection Law: Authorization in Decentralized Web Applications |
| title_full | After Brazil’s General Data Protection Law: Authorization in Decentralized Web Applications |
| title_fullStr | After Brazil’s General Data Protection Law: Authorization in Decentralized Web Applications |
| title_full_unstemmed | After Brazil’s General Data Protection Law: Authorization in Decentralized Web Applications |
| title_short | After Brazil’s General Data Protection Law: Authorization in Decentralized Web Applications |
| title_sort | after brazil’s general data protection law: authorization in decentralized web applications |
| topic | Engenharia de software Lei Geral de Proteção de Dados (LGPD) |
| url | https://bibliotecadigital.acervo.nic.br/handle/123456789/2217 https://doi.org/10.1145/3308560.3316461 |
| work_keys_str_mv | AT silvajeffersono afterbrazilsgeneraldataprotectionlawauthorizationindecentralizedwebapplications AT calegarinewton afterbrazilsgeneraldataprotectionlawauthorizationindecentralizedwebapplications AT gomeseduardos afterbrazilsgeneraldataprotectionlawauthorizationindecentralizedwebapplications |