1 research outputs found
User-controlled access management to resources on the Web
PhD ThesisThe rapidly developing Web environment provides users with a wide set of rich services as
varied and complex as desktop applications. Those services are collectively referred to as "Web
2.0", with such examples as Facebook, Google Apps, Salesforce, or Wordpress, among many
others. These applications are used for creating, managing, and sharing online data between
users and services on the Web. With the shift from desktop computers to the Web, users create
and store more of their data online and not on the hard drives of their computers. This data
includes personal information, documents, photos, as well as other resources. Irrespective of
the environment, either desktop or the Web, it is the user who creates the data, who disseminates
it and who shares this data. On the Web, however, sharing resources poses new security
and usability challenges which were not present in traditional computing. Access control, also
known as authorisation, that aims to protect such sharing, is currently poorly addressed in this
environment. Existing access control is often not well suited to the increasing amount of highly
distributed Web data and does not give users the required flexibility in managing their data.
This thesis discusses new solutions to access control for the Web. Firstly, it shows a proposal
named User-Managed Access Control (UMAC) and presents its architecture and protocol. This
thesis then focuses on the User-Managed Access (UMA) solution that is researched by the User-
Managed Access Work Group at Kantara Initiative. The UMA approach allows the user to
play a pivotal role in assigning access rights to their resources which may be spread across
multiple cloud-based Web applications. Unlike existing authorisation systems, it relies on a
user’s centrally located security requirements for these resources. The security requirements are
expressed in the form of access control policies and are stored and evaluated in a specialised
component called Authorisation Manager. Users are provided with a consistent User Experience
for managing access control for their distributed online data and are provided with a holistic
view of the security applied to this data. Furthermore, this thesis presents the software that
implements the UMA proposal. In particular, this thesis shows frameworks that allow Web
applications to delegate their access control function to an Authorisation Manager. It also
presents design and implementation of an Authorisation Manager and discusses its evaluation
conducted with a user study. It then discusses design and implementation of a second, improved
Authorisation Manager. Furthermore, this thesis presents the applicability of the UMA approach
and the implemented software to real-world scenarios