论文信息 - MAuth: A Fine-Grained and User-centric Permission Delegation Framework for Multi-mashup Web Services

MAuth: A Fine-Grained and User-centric Permission Delegation Framework for Multi-mashup Web Services

Mashups are a new breed of interactive web applications that aggregate and stitch together data retrieved from one or more sources to create an entirely new and innovative set of services. The paradigm is not limited to social networks and many enterprises are redesigning their business processes to create interactive systems in the form of mashups. However, protecting users' private data from unauthorized access in mashups is a challenging security problem. Existing solutions for addressing the various authorization problems are limited due to all-or-nothing policy, third party dependence and scalability issues. In this paper, we present a general permission delegation model for mashups that is fine-grained, user centric and scalable. This contribution has the following objectives: We formally specify the dependency relationships among multiple web applications. Dependency relationships are categorized on the basis of specific data items. We present an extensible reference architecture for configuring multiple web applications and a session management protocol.

Xinwen Zhang | Mohammad Nauman | Masoom Alam | Sohail Khan | Quratulain Alam

[1] Jeffrey Wong,et al. Making mashups with marmite: towards end-user programming for the web , 2007, CHI.

[2] Marianne Winslett,et al. Please Permit Me: Stateless Delegated Authorization in Mashups , 2008, 2008 Annual Computer Security Applications Conference (ACSAC).

[3] Anant Jhingran. Enterprise information mashups: integrating information, simply , 2006, VLDB.

[4] Helen J. Wang,et al. Subspace: secure cross-domain communication for web mashups , 2007, WWW '07.

[5] Michael Steiner,et al. SMash: secure component model for cross-domain mashups on unmodified browsers , 2008, WWW.

[6] Minos N. Garofalakis,et al. MashMaker: mashups for the masses , 2007, SIGMOD '07.

[7] Helen J. Wang,et al. MashupOS: Operating System Abstractions for Client Mashups , 2007, HotOS.

[8] Joan Feigenbaum,et al. Delegation logic: A logic-based approach to distributed authorization , 2003, TSEC.

[9] Paul Brown,et al. DAMIA - A Data Mashup Fabric for Intranet Applications , 2007, VLDB.

[10] Eric Bouillet,et al. Wishful search: interactive composition of data mashups , 2008, WWW.

[11] Angelos D. Keromytis,et al. Key note: Trust management for public-key infrastructures , 1999 .