Web 2.0 has changed the Internet landscape: users are no longer only consumers but now also producers of content. The increasing amount of personal data published on web service providers has given rise to a new kind of application: the mashup. These third-party applications access users' information through service providers' APIs via secure authorization protocols such as OAuth. But these protocols rely on the users, who must blindly grant access to each mashup with no idea beforehand about its trustworthiness.
We propose a Reputation Model for Mashups (R2M) to address this issue. The R2M solution monitors mashups' calls on the web service providers' APIs, detects suspicious activities, and finally reports to the user to collect his feedback in order to collaboratively build the mashup's reputation. We describe an implementation of R2M on the Bell Labs' service Dundai.com to prove its feasibility in a real use case. From this experimentation, we plan to collect user experience to improve the R2M key mechanisms and refine the reputation computation.