A Novel Approach to Access Control for the Web

The rapidly developing Web environment provides users with a wide set of rich services as varied and complex as desktop applications. Those services are collectively referred to as “Web 2.0”, with examples such as Google Docs, Wikipedia, Wordpress or Flickr, that allow users to create, manage and share their content online. By switching from desktop applications to their Web equivalents more and more data gets released online. It is the user who creates data, who shares and disseminates this data, and who accesses it. Storing and sharing resources over a highly collaborative “Web 2.0” environment poses new security challenges. Access control, in particular, is currently poorly addressed in such an environment and is not well suited to the increasing amount of resources that are available online. We propose a novel approach to access control for the Web. Our approach puts a user in full control of their resources which may be scattered across multiple Web applications. Unlike existing authorization systems, it relies on a user’s centrally located security requirements for those resources. © 2009 University of Newcastle upon Tyne. Printed and published by the University of Newcastle upon Tyne, Computing Science, Claremont Tower, Claremont Road, Newcastle upon Tyne, NE1 7RU, England. Bibliographical details MACHULAK, M., VAN MOORSEL, A. A Novel Approach to Access Control for the Web [By] M Machulak, A van Moorsel Newcastle upon Tyne: University of Newcastle upon Tyne: Computing Science, 2009. (University of Newcastle upon Tyne, Computing Science, Technical Report Series, No. CS-TR-1157)