Poster: Toward Enabling Secure Web 2.0 Content Sharing Beyond Walled Gardens

San-Tsai Sun ; Konstantin Beznosov

10 June 2009

Abstract: Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs). In this paper, we propose an approach for Web 2.0 content sharing beyond walled gardens. The system is built upon the existing secret-link mechanism and augments OpenID identity providers with both an OpenIDemail extension and a role-based trust-management policy service (RTPS). OpenIDemail extends the existing OpenID protocol to enable OpenID identity providers to use email as an alternative identifier. RTPS provides services for internet users to organize their online credentials and policies, and for CSPs to make access decisions. With our approach, the users do not need to set up an account on each CSP and do not require any special software installed to view shared content. The functionalities for content sharing using secret-link are shifted from CSPs to OpenIDemail providers. CSPs do not need to change their existing user management and access-control mechanisms. In addition, policy statements are URI-addressable, and the same access policies can be reused and enforced across CSPs.

Keyword(s): Web 2.0 Controlled Sharing

Published in: San-Tsai Sun and Konstantin Beznosov. "Poster: Towards enabling secure Web 2.0 user content sharing beyond walled gardens," poster at the USENIX Security 2009, August 13th 2009.

