Establishing Role-based Access Control in Viewpoint-oriented Variability Management
This work addresses access control issues in variability management for software engineers, but it appears incremental as it builds on existing concepts.
The paper tackles the problem of controlling access to variability information in software engineering by integrating an access control model with a variability modeling language, resulting in a formal solution for defining access control.
Process roles are used to structure complex engineering processes in single sys-tems development for many years. Typically, each role has specific responsi-bilities from which certain information demands originate. In the engineering of variable software, role-specific information demands affect variability in-formation. To control the access to the variability information, we suggest us-ing the concepts of an explicit access control model. We integrate an access control model and a variability modeling language on a conceptual level. Ad-ditionally, we extend the variability modeling language by formally defined operations. Based on this extension, we propose a formal integration of an ac-cess control model and the variability modeling language. Our solution allows to explicitly define access control to variability information on a formal basis.