ICIS '00 Proceedings of the twenty first international conference on Information systems
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
A survey of trust and reputation systems for online service provision
Decision Support Systems
Accessing the deep web: when good ideas go bad
Companion to the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
Please Permit Me: Stateless Delegated Authorization in Mashups
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Hi-index | 0.00 |
The web 2.0 has changed the Internet landscape, users are no longer only consumers but now also prpducers of content. The increasing number of personal data published on web service providers fathered a new kind of applications: the mashups. These third-party applications access users' information through service providers' APIS via secure authorization protocols such as oAuth. But these protocols rely on the users who must blindly grant access to each mashup, with no idea beforehand about its trustworthiness. We propose a Reputation Model for Mashups to address this issue. The R2M solution monitors mashups' calls on the web service Providers' APIS, detects suspicious activities, and finally reports to the user to collect his feedback in order to collaboratively build the mashup's reputation. We describe an implementation of R2M on the Bell Labs' service Dundai.com to prove its feasibility in a real use case. From this experimentation, we plan to collect user experience to improve the RZM key mechanisms and refine the reputation computation.