Secure file system services for web 2.0 applications
Proceedings of the 2009 ACM workshop on Cloud computing security
R2M: a reputation model for mashups
CCNC'10 Proceedings of the 7th IEEE conference on Consumer communications and networking conference
SAuthMash: mobile agent based self authorization in mashups
Proceedings of the 7th International Conference on Frontiers of Information Technology
Towards privacy-enhancing identity management in mashup-providing platforms
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
xDAuth: a scalable and lightweight framework for cross domain access control and delegation
Proceedings of the 16th ACM symposium on Access control models and technologies
POAuth: privacy-aware open authorization for native apps on smartphone platforms
Proceedings of the 6th International Conference on Ubiquitous Information Management and Communication
Secure mashup-providing platforms - implementing encrypted wiring
ICWE'11 Proceedings of the 11th international conference on Current Trends in Web Engineering
Mashups have emerged as a Web 2.0 phenomenon, connecting disjoint applications together to provide unified services. However, scalable access control for mashups is difficult. To enable a mashup to gather data from legacy applications and services, users must give the mashup their login names and passwords for those services. This all-or-nothing approach violates the principle of least privilege and leaves users vulnerable to misuse of their credentials by malicious mashups. In this paper, we introduce delegation permits—a stateless approach to access rights delegation in mashups—and describe our complete implementation of a permit-based authorization delegation service. Our protocol and implementation enable fine-grained, flexible, and stateless access control and authorization for distributed delegated authorization in mashups, while minimizing attackers' ability to capture and exploit users' authentication credentials.