Please permit me: Stateless delegated authorization in mashups

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2008, Pages 173-182

  Hasan, Ragib ^a   Winslett, Marianne ^a   Conlan, Richard ^b   Slesinsky, Brian ^b   Ramani, Nandakumar ^b  

^a University of Illinois at Urbana Champaign ^*  (United States)

^b GOOGLE INC   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS RIGHTS; FINE GRAINED; LEAST PRIVILEGES; LEGACY APPLICATIONS; MASHUPS; WEB 2.0;

AUTHENTICATION; INTERNET PROTOCOLS; SECURITY SYSTEMS;

COMPUTER APPLICATIONS;

EID: 60649094298     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ACSAC.2008.24     Document Type: Conference Paper

References (31)

1. Citrix NetScaler: Web application delivery with the highest availability, security and performance. Online at http://www.citrix.com/English/ps2/products/ product.asp?contentID=21679.
2. Mint.com personal finance website. Online at http://www.mint.com.
3. Web services delegation via MyProxy. Online at http://grid.ncsa.uiuc.edu/ myproxy/delegation/.
4. OAuth Specification 1.0. Online at http://oauth.net/core/1.0, 2007.
5. M. Altinel, P. Brown, S. Cline, R. Kartha, E. Louie, V. Markl, L. Mau, Y. Ng, D. Simmen, and A. Singh. Damia: a data mashup fabric for intranet applications. In Proceedings of the 33rd International Conference on Very Large Data Bases, pages 1370-1373. VLDB Endowment, 2007.
6. J. Basney, M. Humphrey, and V. Welch. The myproxy online credential repository. Software-Practice & Experience, 35(9):801-816, 2005.
7. M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 164-173, Oakland, CA, 1996.
8. M. Blaze, J. Ioannidis, and A. Keromytis. Experience with the KeyNote trust management system: Applications and future directions. In Proceedings of the 1st International Conference on Trust Management, pages 284-300. Springer, 2003.
9. S. Cetin, N. Altintas, H. Oguztuzun, A. Dogru, O. Tufekci, and S. Suloglu. A mashup-based strategy for migration to service-oriented computing. In Proceedings of the IEEE International Conference on Pervasive Services, pages 169-172, 2007.
10. D. Chadwick, A. Otenko, and E. Ball. Role-based access control with x.509 attribute certificates. IEEE Internet Computing, 07(2):62-69, 2003.
11. M. Davidson and E. Yoran. Enterprise security for web 2.0. COMPUTER, pages 117-119, 2007.
12. R. Dhamija, J. Tygar, and M. Hearst. Why phishing works. In Proceedings of the SIGCHI conference on Human Factors in computing systems, pages 581-590. ACM Press New York, NY, USA, 2006.
13. Google. Google account authentication (authsub). Online at http://code.google.com/apis/accounts/AuthForWebApps.html.
14. T. Hornung, K. Simon, and G. Lausen. Mashing up the deep web - research in progress. In 4th International Conference on Web Information Systems and Technologies (WEBIST) 2008, pages 58-66, Funchal, Madeira, Portugal, May 2008.
15. J. Howell, C. Jackson, H. Wang, and X. Fan. MashupOS: Operating system abstractions for client mashups. In Proceedings of the Workshop on Hot Topics in Operating Systems, May 2007.
16. C. Jackson and H. Wang. Subspace: secure cross-domain communication for web mashups. In Proceedings of the 16th International Conference on World Wide Web, pages 611-620. ACM Press New York, NY, USA, 2007.
17. A. Jhingran. Enterprise information mashups: integrating information, simply. In Proceedings of the 32nd International Conference on Very Large Data Bases, pages 3-4. VLDB Endowment, 2006.
18. J. Kahan. A capability-based authorization model for the world-wide web. Computer Networks and ISDN Systems, 27(6):1055-1064, 1995.
19. P. Karger. Mashups legitimize man-in-the-middle attacks: A position paper. In IEEE Web 2.0 Security and Privacy Workshop. IEEE, 2007.
20. F. D. Keukelaere, S. Bhola, M. Steiner, S. Chari, and S. Yoshihama. Smash: secure component model for cross-domain mashups on unmodified browsers. In WWW '08: Proceeding of the 17th International Conference on World Wide Web, pages 535-544, New York, NY, USA, 2008. ACM.
21. N. Kulathuramaiyer. Mashups: Emerging application development paradigm for a digital journal. Journal of Universal Computer Science, 13(4):531-542, April 2007.
22. G. Lawton. Web 2.0 creates security challenges. IEEE COMPUTER, 40:13-16, 2007.
23. N. Li, B. Grosof, and J. Feigenbaum. Delegation logic: A logic-based approach to distributed authorization. ACM Trans. Inf. Syst. Secur., 6(1):128-171, 2003.
24. X. Liu, Y. Hui, W. Sun, and H. Liang. Towards service composition based on mashup. In Proceedings of the IEEE Congress on Services, pages 332-339, 2007.
25. J. Lopez, R. Oppliger, and G. Pernul. Authentication and authorization infrastructures (aais): a comparative survey. Computers & Security, 23(7):578-590, 2004.
26. S. K. Makki and J. Sangtani. Data mashups & their applications in enterprises. In Third IEEE International Conference on Internet and Web Applications and Services, pages 445-450, Athens, Greece, June 2008.
27. D. Merrill. Mashups: The new breed of web app. IBM Web Architecture Technical Library, 2006.
28. D. Recordon and D. Reed. Openid 2.0: a platform for user-centric identity management. In DIM '06: Proceedings of the second ACM workshop on Digital identity management, pages 11-16, New York, NY, USA, 2006. ACM.
29. C. Severance, G. Hardin, and A. Whyte. The coming functionality: mash-up in personal learning environments. Interactive Learning Environments, 16(1):47-62, 2008.
30. N. Zang, M. Rosson, and V. Nasser. Mashups: who? what? why? In CHI '08: CHI '08 extended abstracts on Human factors in computing systems, pages 3171-3176, New York, NY, USA, 2008. ACM.
31. J. Zou and C. Pavlovski. Towards accountable enterprise mashup services. In Proceedings of the IEEE International Conference on e-Business Engineering, pages 205-212. IEEE Computer Society Washington, DC, USA, 2007.