Title :
Please Permit Me: Stateless Delegated Authorization in Mashups
Author :
Hasan, Ragib ; Winslett, Marianne ; Conlan, Richard ; Slesinsky, Brian ; Ramani, Nandakumar
Author_Institution :
Dept. of Comput. Sci., Univ. of Illinois at Urbana-Champaign, Urbana, IL
Abstract :
Mashups have emerged as a Web 2.0 phenomenon, connecting disjoint applications together to provide unified services. However, scalable access control for mashups is difficult. To enable a mashup to gather data from legacy applications and services, users must give the mashup their login names and passwords for those services. This all-or-nothing approach violates the principle of least privilege and leaves users vulnerable to misuse of their credentials by malicious mashups. In this paper, we introduce delegation permits, a stateless approach to access rights delegation in mashups, and describe our complete implementation of a permit-based authorization delegation service. Our protocol and implementation enable fine-grained, flexible, and stateless access control and delegated authorization across the distributed services a mashup composes, while minimizing attackers' ability to capture and exploit users' authentication credentials.
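To make the contrast the abstract draws concrete, the following is an added illustration written for this page; it is not the paper's permit format, protocol or implementation. It shows the shape of a stateless delegation permit: the user authenticates to the resource-owning service (never to the mashup), the service mints a MAC-protected permit bound to one delegate, a scope and an expiry, and later verifies any presented permit by recomputing the MAC rather than consulting a permit table. The JSON field layout, the HMAC-SHA256 construction, the service, user and delegate names, and the calendar data are all assumptions constructed for the example.

```python
"""Illustrative stateless delegation permit (added example; NOT the
paper's own permit format or protocol).

Assumed (not from the paper): a permit is base64url(JSON body) '.'
base64url(HMAC-SHA256 tag) where the body is
{user, delegate, scope, exp, nonce} and the key is a secret held only
by the service that owns the resource. Verification needs only the
secret, so the service keeps no per-permit state.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class ResourceService:
    """A legacy service (here a calendar) that owns the user's data. Constructed sample data."""

    def __init__(self, secret: bytes):
        self._secret = secret                          # never leaves this service
        self._passwords = {"alice": "correct horse"}   # constructed sample user
        self._calendar = {"alice": ["2008-12-08 ACSAC talk"]}

    def issue_permit(self, user, password, delegate, scope, ttl_s, now=None):
        """The user logs in to *this* service and asks it to mint a permit for
        `delegate` limited to `scope`; the password never reaches the mashup."""
        if self._passwords.get(user) != password:
            raise PermissionError("bad credentials")
        now = time.time() if now is None else now
        payload = _encode({"user": user, "delegate": delegate,
                           "scope": sorted(scope), "exp": int(now + ttl_s),
                           "nonce": secrets.token_hex(8)})
        tag = hmac.new(self._secret, payload, hashlib.sha256).digest()
        return _b64(payload) + "." + _b64(tag)

    def verify_permit(self, permit, delegate, action, now=None):
        """Stateless check: recompute the MAC, then enforce delegate binding,
        expiry and scope. Returns the delegating user or None."""
        try:
            p, t = permit.split(".")
            payload, tag = _unb64(p), _unb64(t)
        except ValueError:
            return None
        expected = hmac.new(self._secret, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None                                # forged or tampered
        body = json.loads(payload)
        now = time.time() if now is None else now
        if body["delegate"] != delegate:
            return None                                # replayed by another party
        if now >= body["exp"]:
            return None                                # expired
        if action not in body["scope"]:
            return None                                # outside delegated rights
        return body["user"]

    def read_calendar(self, permit, delegate, now=None):
        user = self.verify_permit(permit, delegate, "calendar:read", now)
        if user is None:
            raise PermissionError("permit rejected")
        return list(self._calendar[user])

    def delete_calendar(self, permit, delegate, now=None):
        user = self.verify_permit(permit, delegate, "calendar:delete", now)
        if user is None:
            raise PermissionError("permit rejected")
        self._calendar[user].clear()
        return True


def forge_scope(permit, extra_action):
    """Attacker attempt: widen a permit's scope without knowing the secret."""
    p, t = permit.split(".")
    body = json.loads(_unb64(p))
    body["scope"].append(extra_action)
    return _b64(_encode(body)) + "." + t


def demo():
    """Run the honest and the abusive uses of one permit; returns a dict of outcomes."""
    svc = ResourceService(secret=secrets.token_bytes(32))
    now = 1_228_694_400   # fixed clock so results are reproducible (constructed)
    permit = svc.issue_permit("alice", "correct horse", "mashup.example",
                              {"calendar:read"}, ttl_s=600, now=now)
    results = {"read": svc.read_calendar(permit, "mashup.example", now=now)}
    attempts = {
        "delete_out_of_scope": lambda: svc.delete_calendar(permit, "mashup.example", now=now),
        "wrong_delegate": lambda: svc.read_calendar(permit, "evil.example", now=now),
        "expired": lambda: svc.read_calendar(permit, "mashup.example", now=now + 601),
        "forged_scope": lambda: svc.delete_calendar(
            forge_scope(permit, "calendar:delete"), "mashup.example", now=now),
    }
    for name, call in attempts.items():
        try:
            call()
            results[name] = "allowed"
        except PermissionError:
            results[name] = "denied"
    return results
```

The point to notice is what the service never needs: a database of issued permits. Every check in verify_permit is answered from the permit's own MAC-protected fields, which is what "stateless" buys; the cost is that revocation before expiry needs an extra mechanism (short lifetimes, or a key rotation that invalidates everything), which this illustration does not provide.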
Keywords :
Internet; authorisation; cryptographic protocols; Web 2.0 phenomenon; access control protocol; legacy application; mashup; stateless distributed delegated authorization; Access control; Access protocols; Application software; Authentication; Authorization; Calendars; Computer science; Computer security; Mashups; Permission; Access control; Delegation; Mashup; Web 2.0
Conference_Title :
Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Conference_Location :
Anaheim, CA
Print_ISBN :
978-0-7695-3447-3
DOI :
10.1109/ACSAC.2008.24