Mauth: A fine-grained and user-centric permission delegation framework for web services

Mashups are a new breed of interactive web applications that aggregate and stitch together data retrieved from one or more sources to create an entirely new and innovative set of services. The paradigm is not limited to social networks: many enterprises are redesigning their business processes as interactive systems in the form of mashups. However, protecting users' private data from unauthorized access in mashups is a challenging security problem. Existing solutions to the various authorization problems are limited by all-or-nothing policies, dependence on third parties and scalability issues. In this paper, we present a general permission delegation model for mashups that is fine-grained, user-centric and scalable. The contribution has the following objectives: we formally specify the dependency relationships among multiple web applications, categorizing them on the basis of specific data items, and we present an extensible reference architecture for configuring multiple web applications together with a session management protocol.
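To make the difference between an all-or-nothing policy and per-data-item delegation concrete, the following is an added teaching example; it is not the Mauth paper's own model, protocol or code. It assumes a simple policy store in which a user (the data owner) issues grants scoped to one data item held by one provider application for one consumer application, and the provider consults that store before releasing the item. All names (`Grant`, `DelegationPolicy`, `exposure_gap`, the sample applications and items) are constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Optional, Set


@dataclass(frozen=True)
class Grant:
    """One user-issued delegation: CONSUMER may perform ACTIONS on ITEM stored at PROVIDER.

    Scoping the grant to a single data item is what makes the model fine-grained;
    an all-or-nothing grant would instead cover every item the provider holds.
    (Illustrative structure, not the paper's formal model.)
    """
    user: str
    provider: str           # web application that stores the data item
    consumer: str           # mashup / web application that wants to use it
    item: str               # specific data item, e.g. "contacts.addresses"
    actions: FrozenSet[str]


class DelegationPolicy:
    """User-centric policy store: only the data owner adds or removes grants."""

    def __init__(self) -> None:
        self._grants: Set[Grant] = set()

    def delegate(self, user: str, provider: str, consumer: str,
                 item: str, actions: Iterable[str]) -> Grant:
        """The owner delegates ACTIONS on one ITEM at PROVIDER to CONSUMER."""
        grant = Grant(user, provider, consumer, item, frozenset(actions))
        self._grants.add(grant)
        return grant

    def revoke(self, user: str, provider: str, consumer: str,
               item: Optional[str] = None) -> int:
        """Remove matching grants; item=None revokes everything CONSUMER had at PROVIDER."""
        victims = {g for g in self._grants
                   if g.user == user and g.provider == provider
                   and g.consumer == consumer
                   and (item is None or g.item == item)}
        self._grants -= victims
        return len(victims)

    def check(self, user: str, provider: str, consumer: str,
              item: str, action: str) -> bool:
        """Decision the provider makes when CONSUMER asks for ITEM on behalf of USER."""
        return any(g.user == user and g.provider == provider
                   and g.consumer == consumer and g.item == item
                   and action in g.actions
                   for g in self._grants)

    def dependencies(self, user: str, consumer: str) -> Dict[str, Set[str]]:
        """Dependency relationships of CONSUMER for USER: provider -> data items it may use."""
        deps: Dict[str, Set[str]] = {}
        for g in self._grants:
            if g.user == user and g.consumer == consumer:
                deps.setdefault(g.provider, set()).add(g.item)
        return deps


def exposure_gap(policy: DelegationPolicy, user: str, provider: str,
                 consumer: str, provider_items: Iterable[str]) -> Set[str]:
    """Items an all-or-nothing token for PROVIDER would expose to CONSUMER beyond
    what the user's fine-grained read grants actually allow."""
    items = set(provider_items)
    allowed = {i for i in items if policy.check(user, provider, consumer, i, "read")}
    return items - allowed


if __name__ == "__main__":
    # Constructed scenario: alice lets a map mashup read only her addresses.
    policy = DelegationPolicy()
    policy.delegate("alice", "addressbook", "mapmashup", "contacts.addresses", {"read"})
    held = ["contacts.addresses", "contacts.phone", "contacts.email"]
    print("mapmashup depends on:", policy.dependencies("alice", "mapmashup"))
    print("all-or-nothing would additionally expose:",
          sorted(exposure_gap(policy, "alice", "addressbook", "mapmashup", held)))
```

Running the scenario shows the point of per-item grants: the map mashup's dependency on the address book is exactly one item, and an all-or-nothing token for the same provider would have exposed the phone and e-mail items as well. Revocation is equally fine-grained, since the owner can remove one item's grant without disturbing the consumer's other dependencies.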
