A design of usable and secure access-control APIs for mashup applications

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2009, Pages 31-34

  Hashimoto, Ryota ^a   Ueno, Nachi ^a   Shimomura, Michio ^a  

^a NTT CORPORATION   (Japan)

Author keywords

Access control; Authentication; Authorization; Mashup; Web services

Indexed keywords

ACCESS CONTROL FUNCTION; ACCESS CONTROL PROTOCOL; AUTHORIZATION; MASHUPS; PROTOTYPE IMPLEMENTATIONS; RAPID DEVELOPMENT; WEB APPLICATION;

APPLICATION PROGRAMMING INTERFACES (API); AUTHENTICATION; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; INTERNET PROTOCOLS; SECURITY SYSTEMS; SOFTWARE PROTOTYPING; WEB SERVICES;

NETWORK SECURITY;

EID: 74049114072     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1655028.1655037     Document Type: Conference Paper

References (17)

1. Wong, J. and Hong. J. 2008. What do we "mashup" when we make mashups? In Proceedings of the 4th international Workshop on End-User Software Engineering. New York, NY, 35-39.
2. Newcomer, E. and Lomow, G. 2005. Understanding SOA with Web Services. Addison Wesley.
3. Milanovic, N. and Malek, M. 2004. Current solutions for Web service composition, Internet Computing, IEEE, vol. 8, no. 6, pp. 51-59.
4. Hartmann, B., Doorley, S. and Klemmer, S. R. 2008. Hacking, mashing, gluing: Understanding opportunistic design, Pervasive Computing, IEEE, vol. 7, no. 3, pp. 46-54
5. OASIS. Security Assertion Markup Language (SAML) version 2.0 Spec. http://saml.xml.org/saml-specifications
6. Atwood, M. et al. OAuth Core 1.0 Specification. http://oauth.net/core/1. 0/
7. Warner, J. and Chun, S. A. 2008. A citizen privacy protection model for e-government mashup services. In Proceedings of the 2008 international Conference on Digital Government Research (Montreal, Canada, May 18-21, 2008); ACM International Conference Proceeding Series, vol. 289; Digital Government Society of North America, 188-196.
8. Close, T. 2008. Web-key: Mashing with Permission. In Proceedings of Web 2.0 Security and Privacy 2008 (in conjunction with 2008 IEEE Symposium on Security and Privacy).
9. Fielding, R. T. 2000. Architectural Styles and the Design of Network-Based Software Architectures. Doctoral Thesis. University of California, Irvine.
10. Jackson, C. and Wang, H. J. 2007. Subspace: secure cross-domain communication for web mashups. In Proceedings of the 16th International Conference on World Wide Web (Banff, Alberta, Canada, May 08-12, 2007). WWW '07. ACM, New York, NY, 611-620.
11. De Keukelaere, F., Bhola, S., Steiner, M., Chari, S., and Yoshihama, S. 2008. SMash: secure component model for cross-domain mashups on unmodified browsers. In Proceeding of the 17th International Conference on World Wide Web. ACM, New York, NY, 535-544.
12. Ur Rehman, R. 2008. Get Ready for OpenID. Conformix Technologies Inc.
13. Liberty Alliance Project. Liberty Alliance ID-WSF v2.0 Specification. http://www.projectliberty.org/resource-center/specifications/ liberty-alliance-id-wsf-2-0-specifications-including-errata-v1-0-updates
14. Globus Project. GT4 WS AA Authorization Framework Release Notes. http://www.globus.org/toolkit/docs/development/4.1.2/security/authzframe/ authzframe-release-notes.html
15. AOL LLC. 2007. OpenAuth Overview. http://dev.aol.com/openauth-overview
16. Google, Inc. Google Data APIs Authentication Overview. http://code.google.com/apis/gdata/auth.html
17. Yahoo!, Inc. Browser-Based Authentication. http://developer.yahoo.com/ auth/