TY - GEN
T1 - Beyond user-to-user access control for online social networks
AU - Shehab, Mohamed
AU - Squicciarini, Anna Cinzia
AU - Ahn, Gail-Joon
PY - 2008
Y1 - 2008
N2 - With the development of Web 2.0 technologies, online social networks are able to provide open platforms to enable the seamless sharing of profile data to enable public developers to interface and extend the social network services as applications (or APIs). At the same time, these open interfaces pose serious privacy concerns as third party applications are usually given full read access to the user profiles. Current related research has focused on mainly user-to-user interactions in social networks, and seems to ignore the third party applications. In this paper, we present an access control framework to manage the third party to user interactions. Our framework is based on enabling the user to specify the data attributes to be shared with the application and at the same time be able to specify the degree of specificity of the shared attributes. We model applications as finite state machines, and use the required user profile attributes as conditions governing the application execution. We formulate the minimal attribute generalization problem and we propose a solution that maps the problem to the shortest path problem to find the minimum set of attribute generalization required to access the application services.
AB - With the development of Web 2.0 technologies, online social networks are able to provide open platforms to enable the seamless sharing of profile data to enable public developers to interface and extend the social network services as applications (or APIs). At the same time, these open interfaces pose serious privacy concerns as third party applications are usually given full read access to the user profiles. Current related research has focused on mainly user-to-user interactions in social networks, and seems to ignore the third party applications. In this paper, we present an access control framework to manage the third party to user interactions. Our framework is based on enabling the user to specify the data attributes to be shared with the application and at the same time be able to specify the degree of specificity of the shared attributes. We model applications as finite state machines, and use the required user profile attributes as conditions governing the application execution. We formulate the minimal attribute generalization problem and we propose a solution that maps the problem to the shortest path problem to find the minimum set of attribute generalization required to access the application services.
UR - http://www.scopus.com/inward/record.url?scp=57049132798&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=57049132798&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-88625-9_12
DO - 10.1007/978-3-540-88625-9_12
M3 - Conference contribution
AN - SCOPUS:57049132798
SN - 3540886249
SN - 9783540886242
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 174
EP - 189
BT - Information and Communications Security - 10th International Conference, ICICS 2008, Proceedings
PB - Springer Verlag
T2 - 10th International Conference on Information and Communications Security, ICICS 2008
Y2 - 20 October 2008 through 22 October 2008
ER -