89 research outputs found
Content Management in Ruby on Rails
Web development is currently driven by model-view-controller (MVC) frameworks. How has content management adapted to this scenario? This paper reviews content management features in Ruby on Rails framework and its most popular plug-ins. These features are distributed among the different layers of the MVC architectur
Design of a security mechanism for RESTful web service communication through mobile clients
Security is not taken into account by default in the Representational State Transfer (REST) architecture, but its layered architecture provides many opportunities for implementing it. In this paper, a security mechanism for Web service communication through mobile clients devices is proposed, that conforms to the REST architecture as much as possible. Results indicate that the custom security mechanism outperforms the Transport Layered Security (TLS) based system. Because of the genericness of REST, the proposed security mechanism can be adopted by a wide variety of other RESTful Web services
Enabling Machine Understandable Exchange of Energy Consumption Information in Intelligent Domotic Environments
In the 21st century, all the major countries around the world are coming together to reduce the impact of energy generation and consumption on the global environment. Energy conservation and its efficient usage has become a top agenda on the desks of many governments. In the last decade, the drive to make homes automated and to deliver a better assisted living picked pace and the research into home automation systems accelerated, usually based on a centralized residential gateway. However most devised solutions fail to provide users with information about power consumption of different house appliances. The ability to collect power consumption information can lead us to have a more energy efficient society. The goal addressed in this paper is to enable residential gateways to provide the energy consumption information, in a machine understandable format, to support third party applications and services. To reach this goal, we propose a Semantic Energy Information Publishing Framework. The proposed framework publishes, for different appliances in the house, their power consumption information and other properties, in a machine understandable format. Appliance properties are exposed according to the existing semantic modeling supported by residential gateways, while instantaneous power consumption is modeled through a new modular Energy Profile ontolog
A Comparative Usability Study of Two-Factor Authentication
Two-factor authentication (2F) aims to enhance resilience of password-based
authentication by requiring users to provide an additional authentication
factor, e.g., a code generated by a security token. However, it also introduces
non-negligible costs for service providers and requires users to carry out
additional actions during the authentication process. In this paper, we present
an exploratory comparative study of the usability of 2F technologies. First, we
conduct a pre-study interview to identify popular technologies as well as
contexts and motivations in which they are used. We then present the results of
a quantitative study based on a survey completed by 219 Mechanical Turk users,
aiming to measure the usability of three popular 2F solutions: codes generated
by security tokens, one-time PINs received via email or SMS, and dedicated
smartphone apps (e.g., Google Authenticator). We record contexts and
motivations, and study their impact on perceived usability. We find that 2F
technologies are overall perceived as usable, regardless of motivation and/or
context of use. We also present an exploratory factor analysis, highlighting
that three metrics -- ease-of-use, required cognitive efforts, and
trustworthiness -- are enough to capture key factors affecting 2F usability.Comment: A preliminary version of this paper appears in USEC 201
WebID+ACO: A distributed identification mechanism for social web.
Abstract. This paper defines an approach to managing digital identity requiring special-purpose technology on the browser client. We propose a mechanism using standards, such as HTTP(S) extended with WebID Protocol and Semantic Web ontologies and vocabularies. We present a scalable method that allows user authentication and authorization to work across multiple websites, enterprises, devices, and browsers in a uniform and easy-to-use manner
Securing The Root: A Proposal For Distributing Signing Authority
Management of the Domain Name System (DNS) root zone file is a uniquely global policy problem. For the Internet to connect everyone, the root must be coordinated and compatible. While authority over the legacy root zone file has been contentious and divisive at times, everyone agrees that the Internet should be made more secure. A newly standardized protocol, DNS Security Extensions (DNSSEC), would make the Internet's infrastructure more secure. In order to fully implement DNSSEC, the procedures for managing the DNS root must be revised. Therein lies an opportunity. In revising the root zone management procedures, we can develop a new solution that diminishes the impact of the legacy monopoly held by the U.S. government and avoids another contentious debate over unilateral U.S. control. In this paper we describe the outlines of a new system for the management of a DNSSEC-enabled root. Our proposal distributes authority over securing the root, unlike another recently suggested method, while avoiding the risks and pitfalls of an intergovernmental power sharing scheme
Контроль знаний с ответами на естественном языке
The problem testing of theoretical knowledge by automated testing systems is considered. Methods of construction of semantic models of natural language answer by means of the thesaurus of semantic fields are proposedРассмотрена проблема тестирования теоретических знаний в автоматизированных системах контроля. Предложены методы тестирования теоретических знаний на основе использования тезауруса семантических полей для построения концептуальных моделей текста ответа на естественном языкеРозглянуто проблему тестування теоретичних знань в автоматизованих системах контролю. Запропоновано методи тестування теоретичних знань на основі використання тезауруса семантичних полів для побудови концептуальних моделей тексту відповіді на природній мов
- …