Design and implementation of the idemix anonymous credential system
Proceedings of the 9th ACM conference on Computer and communications security
A uniform framework for regulating service access and information release on the web
Journal of Computer Security
Privacy in browser-based attribute exchange
Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
Privacy and identity management for everyone
Proceedings of the 2005 workshop on Digital identity management
Establishing and protecting digital identity in federation systems
Journal of Computer Security - The First ACM Workshop on Digital Identity Management -- DIM 2005
Subspace: secure cross-domain communication for web mashups
Proceedings of the 16th international conference on World Wide Web
MashMaker: mashups for the masses
Proceedings of the 2007 ACM SIGMOD international conference on Management of data
Protection and communication abstractions for web browsers in MashupOS
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
SMash: secure component model for cross-domain mashups on unmodified browsers
Proceedings of the 17th international conference on World Wide Web
Privacy and Identity Management
IEEE Security and Privacy
Notarized federated ID management and authentication
Journal of Computer Security - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)
OMOS: A Framework for Secure Communication in Mashup Applications
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Securing frame communication in browsers
SS'08 Proceedings of the 17th conference on Security symposium
Federated identity-management protocols
Proceedings of the 11th international conference on Security Protocols
Point-based trust: define how much privacy is worth
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Towards privacy-enhancing identity management in mashup-providing platforms
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Secure mashup-providing platforms - implementing encrypted wiring
ICWE'11 Proceedings of the 11th international conference on Current Trends in Web Engineering
Doctoral colloquium: integrating web content into mashups on desktop and mobile devices
GPC'11 Proceedings of the 6th international conference on Grid and Pervasive Computing
| Hi-index | 0.00 |
This paper concerns the problem of identity management in modern Web-2.0-based mashup applications. Identity management supports convenient access to information when mashups are used in sensitive environments, such an banking, investment and online shopping, by providing services such as single sign-on. We present Web2ID, a new identity management protocol tailored for mashup applications. Web2ID leverages a secure mashup framework and enables transfer of credentials between a service provider and a consumer. We also describe a new relay framework in which communication between two service providers is mediated by a relay agent within the mashup. We show that Web2ID is privacy-preserving and prevents service providers from learning a user's surfing habits. We present an implementation of Web2ID and the relay framework using a JavaScript-based library that executes within the browser. Our implementation does not require client-side changes and is therefore fully compatible even with legacy browsers. We also highlight the key challenges faced in creating a portable, in-browser library to support identity management in mashups.