UML-based Web Engineering (UWE)
Models security concepts within web applications, thus providing an overview of how to avoid security flaws in a concrete application.
Security DSLs provided by the Tool
Name
Description
Contains the data structure used by the application.
Is given by a UWE Role Model and a Basic Rights Model. The former describes the hierarchy of user groups to be used for authorization and access control. It is usually part of a User Model, which specifies basic structures, e.g., that a user can take on certain roles simultaneously. The latter defines the access control policies. It constrains elements from the Content Model and from the Role Model.
Details the flow of actions to be executed.
Defines the navigation flow of the application and navigational access control policies. The former shows which possibilities of navigation exist in a certain context. The latter specifies which roles are allowed to navigate to a specific state and the action taken in case access cannot be granted. In a web application such actions can be, e.g., to log out the user and redirect to the login form, or just to display an error message. Secure connections between server and browser are modeled as well.
Security Checks provided by the Tool
Name
Description