Abstract
Mashups have emerged as a Web 2.0 phenomenon, connecting disjoint applications together to provide unified services. However, scalable access control for mashups is difficult. To enable a mashup to gather data from legacy applications and services, users must give the mashup their login names and passwords for those services. This is not user-centric and the all-or-nothing approach violates the principle of least privilege and leaves users vulnerable to misuse of their credentials by malicious mashups. To overcome the limitations, this paper proposes an open identity framework, which leverages open identity protocol such as OpenID and OAuth. The framework can bring benefits to all the roles involved in the system in a non-intrusive and user-centric way. Open is a good design principle, and it is also the attitude and sprit of collaboration. We think that a mashup system based on open technologies could make the composition of services easier and accelerate the on-boarding of service providers. Moreover, more customers might also be attracted by the openness of the system.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
