DOI: 10.1145/1655028.1655037
research-article

A design of usable and secure access-control APIs for mashup applications

Published: 13 November 2009

Abstract

Mashups, applications developed rapidly by combining multiple Web applications, are currently attracting much attention. One issue that arises when creating mashups from data subject to access control is the difficulty of adding authentication and access control functions without losing the advantage of rapid development. We discuss the design and prototype implementation of an access control platform called SAXAE. SAXAE supports more secure and easier development of mashups. Its API makes using data protected by access control protocols both more secure and easier.

Published In

DIM '09: Proceedings of the 5th ACM workshop on Digital identity management
November 2009
94 pages
ISBN: 9781605587868
DOI: 10.1145/1655028

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. access control
  2. authentication
  3. authorization
  4. mashup
  5. web services

Qualifiers

  • Research-article

Conference

CCS '09
Acceptance Rates

Overall Acceptance Rate 16 of 34 submissions, 47%

Cited By

  • (2015) Privacy-preserving authorization method for mashups. Security and Communication Networks 8:18 (4421-4435). DOI: 10.1002/sec.1322. Online publication date: 1-Dec-2015
  • (2012) Towards Mobile Multimedia Mashup Architecture. Proceedings of the 2012 38th Euromicro Conference on Software Engineering and Advanced Applications (439-445). DOI: 10.1109/SEAA.2012.28. Online publication date: 5-Sep-2012
  • (2011) Towards Mobile Multimedia Mashup Ecosystem. 2011 IEEE International Conference on Communications Workshops (ICC) (1-5). DOI: 10.1109/iccw.2011.5963553. Online publication date: Jun-2011
  • (2011) Doctoral colloquium. Proceedings of the 6th international conference on Grid and Pervasive Computing (164-171). DOI: 10.1007/978-3-642-27916-4_19. Online publication date: 11-May-2011
  • (2011) On the Future of Mobile Phones as the Heart of Community-Built Databases. Community-Built Databases (261-287). DOI: 10.1007/978-3-642-19047-6_11. Online publication date: 12-Apr-2011
