Security in opensocial-instrumented social networking services

Authors:
Matthias Häsel;Luigi Lo Iacono
Affiliations:
XING AG, Hamburg, Germany;Europäische Fachhochschule (EUFH), Brühl, Germany
Venue:
CMS'10 Proceedings of the 11th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security
Year:
2010

Citing 4
Cited 0

Handbook of Applied Cryptography

Handbook of Applied Cryptography
XML signature element wrapping attacks and countermeasures

Proceedings of the 2005 workshop on Secure web services
Vulnerable Cloud: SOAP Message Security Validation Revisited

ICWS '09 Proceedings of the 2009 IEEE International Conference on Web Services
Opensocial: an enabler for social applications on the web

Communications of the ACM

Quantified Score

Hi-index	0.00

Visualization

Abstract

Securing social networking services is challenging and becomes even more complex when third-party applications are able to access user data. Still, adequate security and privacy solutions are imperative in order to build and maintain trust in such extensible social platforms. This paper discusses security issues in the context of OpenSocial-instrumented social networking services. It shows that the OpenSocial specification is far from being comprehensive in respect to security. Resulting weaknesses and shortcomings are emphasized and discussed. Finally, the paper attempts to fill these gaps by proposing extensions to the OpenSocial specification and recommendations for social networks that implement OpenSocial.