Content Management in Ruby on Rails

Web development is currently driven by model-view-controller (MVC) frameworks. How has content management adapted to this scenario? This paper reviews content management features in Ruby on Rails framework and its most popular plug-ins. These features are distributed among the different layers of the MVC architectur

Design of a security mechanism for RESTful web service communication through mobile clients

Security is not taken into account by default in the Representational State Transfer (REST) architecture, but its layered architecture provides many opportunities for implementing it. In this paper, a security mechanism for Web service communication through mobile clients devices is proposed, that conforms to the REST architecture as much as possible. Results indicate that the custom security mechanism outperforms the Transport Layered Security (TLS) based system. Because of the genericness of REST, the proposed security mechanism can be adopted by a wide variety of other RESTful Web services

Enabling Machine Understandable Exchange of Energy Consumption Information in Intelligent Domotic Environments

In the 21st century, all the major countries around the world are coming together to reduce the impact of energy generation and consumption on the global environment. Energy conservation and its efficient usage has become a top agenda on the desks of many governments. In the last decade, the drive to make homes automated and to deliver a better assisted living picked pace and the research into home automation systems accelerated, usually based on a centralized residential gateway. However most devised solutions fail to provide users with information about power consumption of different house appliances. The ability to collect power consumption information can lead us to have a more energy efficient society. The goal addressed in this paper is to enable residential gateways to provide the energy consumption information, in a machine understandable format, to support third party applications and services. To reach this goal, we propose a Semantic Energy Information Publishing Framework. The proposed framework publishes, for different appliances in the house, their power consumption information and other properties, in a machine understandable format. Appliance properties are exposed according to the existing semantic modeling supported by residential gateways, while instantaneous power consumption is modeled through a new modular Energy Profile ontolog

A Comparative Usability Study of Two-Factor Authentication

Two-factor authentication (2F) aims to enhance resilience of password-based authentication by requiring users to provide an additional authentication factor, e.g., a code generated by a security token. However, it also introduces non-negligible costs for service providers and requires users to carry out additional actions during the authentication process. In this paper, we present an exploratory comparative study of the usability of 2F technologies. First, we conduct a pre-study interview to identify popular technologies as well as contexts and motivations in which they are used. We then present the results of a quantitative study based on a survey completed by 219 Mechanical Turk users, aiming to measure the usability of three popular 2F solutions: codes generated by security tokens, one-time PINs received via email or SMS, and dedicated smartphone apps (e.g., Google Authenticator). We record contexts and motivations, and study their impact on perceived usability. We find that 2F technologies are overall perceived as usable, regardless of motivation and/or context of use. We also present an exploratory factor analysis, highlighting that three metrics -- ease-of-use, required cognitive efforts, and trustworthiness -- are enough to capture key factors affecting 2F usability.Comment: A preliminary version of this paper appears in USEC 201

WebID+ACO: A distributed identification mechanism for social web.

Abstract. This paper defines an approach to managing digital identity requiring special-purpose technology on the browser client. We propose a mechanism using standards, such as HTTP(S) extended with WebID Protocol and Semantic Web ontologies and vocabularies. We present a scalable method that allows user authentication and authorization to work across multiple websites, enterprises, devices, and browsers in a uniform and easy-to-use manner

Securing The Root: A Proposal For Distributing Signing Authority

Management of the Domain Name System (DNS) root zone file is a uniquely global policy problem. For the Internet to connect everyone, the root must be coordinated and compatible. While authority over the legacy root zone file has been contentious and divisive at times, everyone agrees that the Internet should be made more secure. A newly standardized protocol, DNS Security Extensions (DNSSEC), would make the Internet's infrastructure more secure. In order to fully implement DNSSEC, the procedures for managing the DNS root must be revised. Therein lies an opportunity. In revising the root zone management procedures, we can develop a new solution that diminishes the impact of the legacy monopoly held by the U.S. government and avoids another contentious debate over unilateral U.S. control. In this paper we describe the outlines of a new system for the management of a DNSSEC-enabled root. Our proposal distributes authority over securing the root, unlike another recently suggested method, while avoiding the risks and pitfalls of an intergovernmental power sharing scheme

Контроль знаний с ответами на естественном языке

The problem testing of theoretical knowledge by automated testing systems is considered. Methods of construction of semantic models of natural language answer by means of the thesaurus of semantic fields are proposedРассмотрена проблема тестирования теоретических знаний в автоматизированных системах контроля. Предложены методы тестирования теоретических знаний на основе использования тезауруса семантических полей для построения концептуальных моделей текста ответа на естественном языкеРозглянуто проблему тестування теоретичних знань в автоматизованих системах контролю. Запропоновано методи тестування теоретичних знань на основі використання тезауруса семантичних полів для побудови концептуальних моделей тексту відповіді на природній мов