| As a typical application of Web 2.0, Mashup integrates logically related content from different sites and provides a unified interface to users. However, scalable access control for Mashup is difficult. To enable a Mashup to gather data from legacy applications and services, users must give the Mashup their login names and passwords for those services. This is not user-centric and the all-or-nothing appproach violates the principle of least privilege and leaves users vulnerable to misuse of their credentials by malicious Mashups.On the basis of detailed analysis on the consist of Mashup technologies, the thesis deeply analyses authentication and authorization issues in traditional Mashup applications. Then, to over come the limitations, the thesis proposes an open identity framework, which leverages open identity protocol such as OpenID and OAuth. It supports user to Single Sign-On and makes up of the authorized method of full-or-nothing of OAuth. These works can protect the privacy of users, help Mashup to access the protected resources of users, and obviously improve user experience. Besides, this thesis composes open source SDK of OpenID, OAuth and other protocols to implement the prototype of framework by building servers.The framework which not only solve the problems of traditional Mashup applications, but also has good expansibility, provides new ideas for resolving authentication and authorization issues in Internet. |
PDF Full Text Request