Solving the problem of privacy by design can bring more than it costs. Answering in real time the Who/What/Where/When question in accessing private data enforces a application design that can have some other benefits.

Web application security : the WWWW challenge

As described in in previous post, the Who What Where/When is a key challenge behind the privacy by Design concept. Knowing at any time Who can access/modify What in which part of the process (When/Where) is a question that should be reliably answered to encore a proper web application security. The full data lifecycle has to be covered so that only the right people can access private data, and that this access is allowed only in the right step of the data lifecycle.

When analysing the code of existing applications where rights are managed without tools such as Confidentializer, one can discover how huge and complex the task is. As a matter of fact, for applications with a quite rich combination of states, users, and data sets this can become the main trigger for evolution costs.

Solving the WWWW challenge and being savvy

User Interfaces are most of the time built from a finite number of blocks that share the same privacy. A Web Application of several dozens of pages is often organised around a handful of main pages that have many variations targeting different users and moments in the lifecycle of the entities displayed on the page. For example a collaborative economy sales pages will display a product, information about the seller, messages exchanged with the seller. The page will be different for the seller, the seller when editing its ad, the buyer, the moderator, and this will change again depending on the sales status.

Those variations generate most of the app’s development cost.

Where centralised security boosts development efficiency

What if each UI block coud adapt itself in read/write/act mode depending on the user and context ?

That’s exactly what managing WWWW is about. Web application security is not necessarily a burden. If properly managed, this can be a vector for front end simplification. Each front end component, or page “widget” will only be developed once, adapting itself to the situation thanks to the fine grained access rights provided by the Confidentializer framework. Security is managed by a centralised security service and front end adapts so to avoid frustrating the user. This reduces a huge combination of situations to a flat list. A global security mechanism is implemented the same way in all widgets, the combination being managed by a security service powered by Confidentializer.

This brings several advantages:

Reduced costs
Parallelised work
Easier testing
Better adaptability to workflow changes

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.

Confidentializer®

Web Application Security as an opportunity

Web application security : the WWWW challenge

Solving the WWWW challenge and being savvy

Where centralised security boosts development efficiency

About The Author

ezc

Leave a Reply Cancel Reply

Web application security : the WWWW challenge

Solving the WWWW challenge and being savvy

Where centralised security boosts development efficiency

Related Posts

About The Author

ezc

Leave a Reply Cancel Reply