A Collaborative Platform to Support the Enterprise 2.0 in Active Interactions with Customers

In recent years a new model of Enterprise 2.0, which interacts actively with customers using web 2.0 tools (chat, forum, blog, wiki), is developing. The enterprises, listening opinions and suggestions of customers, can improve the product/service. For a company, customer's opinions are very important both for the improvement of products and also for the reinforcement of the customer loyalty. The customer will be motivated to be loyal if the enterprise shows a strong attention to his/her needs. This paper presents a model of a collaborative and interactive platform that supports the Enterprise 2.0 in the management of communications and relationships with all stakeholder of the supply chain and in particular with customers. A good e-reputation of the company improves business performances

PALPAS - PAsswordLess PAssword Synchronization

Tools that synchronize passwords over several user devices typically store the encrypted passwords in a central online database. For encryption, a low-entropy, password-based key is used. Such a database may be subject to unauthorized access which can lead to the disclosure of all passwords by an offline brute-force attack. In this paper, we present PALPAS, a secure and user-friendly tool that synchronizes passwords between user devices without storing information about them centrally. The idea of PALPAS is to generate a password from a high entropy secret shared by all devices and a random salt value for each service. Only the salt values are stored on a server but not the secret. The salt enables the user devices to generate the same password but is statistically independent of the password. In order for PALPAS to generate passwords according to different password policies, we also present a mechanism that automatically retrieves and processes the password requirements of services. PALPAS users need to only memorize a single password and the setup of PALPAS on a further device demands only a one-time transfer of few static data.Comment: An extended abstract of this work appears in the proceedings of ARES 201

Security of social network credentials for accessing course portal: Users’ experience

Social login (SL) has recently emerged as a solution for single sign-on (SSO) within the web and mobile environments.It allows users to use their existing social network credentials (SNC) to login to third party web applications without the need to create a new identity in the intended applications’ database.Although it has been used by many web application providers, its’ applicability in accessing learning materials is not yet fully investigated.Hence, this research aims to explore users’ (i.e., instructors’ and students’) perception and experience on the security of SL for accessing learning contents.A course portal was developed for students at a higher learning institution and it provides two types of user authentications (i) traditional user authentication, and (ii) SL facility.Users comprised instructors and students evaluated the login facility of the course portal through a controlled lab experimental study following the within-subject design.The participants provided their feedback in terms of the security of SL for accessing learning contents.The study revealed that users preferred to use SL over the traditional authentication, however, they concerned on the security of SL and their privacy

Lowering the barriers for online cross-media usage: Scenarios for a Belgian single sign-on solution

The digitization has led to an ecosystem in which an online media portal has become an essential extension of traditional media and users are enabled to consume news and entertainment via different platforms. These evolutions pose some challenges for the media companies in terms of shifting business models, but they also bring them new possibilities in managing their relations with users. An important first step here is to identify the online users and turn anonymous users into registered ones. Today, however, there is a myriad of logins and passwords one needs when surfing the web, which can make the management of these logins a challenge for users. The Belgian media industry seeks to deal with this challenge by introducing a collaborative nation-wide single sign-on (SSO) system across their digital platforms, called Media ID. This paper provides four scenarios describing the potential outcomes in terms of user adoption and hence market potential of the integration of a SSO service into a regional media system. The scenarios are built upon focus group interviews with media users and in-depth interviews with the stakeholders from the involved media companies. They describe to what extent the innovative service can influence user’s online media consumption behaviour but also to what extent the media companies can implement it, two factors that mutually shape each other. In the discussion of the scenarios, requirements to ensure the broad applicability of a SSO service by both media users and media organizations are identified

Helping John to Make Informed Decisions on Using Social Login

Users make two privacy-related decisions when signing up for a new Service Provider (SP): (1) whether to use an existing Single Sign-On (SSO) account of an Identity Provider (IdP), or not, and (2) the information the IdP is allowed to share with the SP under specific conditions. From a privacy point of view, the use of existing social network-based SSO solutions (i.e. social login) is not recommended. This advice, however, comes at the expense of security, usability, and functionality. Thus, in principle, it should be up to the user to consider all advantages and disadvantages of using SSO and to consent to requested permissions, provided that she is well informed. Another issue is that existing social login sign-up interfaces are often not compliant with legal privacy requirements for informed consent and Privacy by Default. Accordingly, our research focuses on enabling informed decisions and consent in this context. To this end, we identified users’ problems and usability issues from the literature and an expert cognitive walkthrough.We also elicited end user and legal privacy requirements for user interfaces (UIs) providing informed consent. This input as used to develop a tutorial to inform users on the pros and cons of sign-up methods and to design SSO sign-up UIs for privacy. A between-subject laboratory study with 80 participants was used to test both the tutorial and the UIs. We demonstrate an increase in the level to which users are informed when deciding and providing consent in the context of social login

Understanding users’ mental models of Federated Identity Management (FIM): use of a new tangible elicitation method

The number of passwords users require to interact with online accounts continues to grow, as the services they interact with online become more and more common. Federated Identity Management (FIM) offer an easy option for users to authenticate themselves to many accounts using just one password from an Identity Provider such as Facebook or Google. Previous research has shown that users are reluctant to use such systems and have inaccurate mental models of how they work, but much of the research is now over a decade old. An initial exploratory study with 12 users asked them to create a mental model of a particular concrete FIM scenario, using a new tangible elicitation method involving felt icons and a flocked board, based on the Fuzzy-Felt toy for young children. It was found that almost all participants had inaccurate mental models of FIM which may lead to hesitancy to use such systems: they believe much more information is passed to the website they wish to login to and they mis-understand the route taken by the information that is passed between their browser, the Identity Provider and the target website. The implications of these results and the new method of eliciting mental models are discussed

Security Aspects in Web of Data Based on Trust Principles. A brief of Literature Review

Within scientific community, there is a certain consensus to define "Big Data" as a global set, through a complex integration that embraces several dimensions from using of research data, Open Data, Linked Data, Social Network Data, etc. These data are scattered in different sources, which suppose a mix that respond to diverse philosophies, great diversity of structures, different denominations, etc. Its management faces great technological and methodological challenges: The discovery and selection of data, its extraction and final processing, preservation, visualization, access possibility, greater or lesser structuring, between other aspects, which allow showing a huge domain of study at the level of analysis and implementation in different knowledge domains. However, given the data availability and its possible opening: What problems do the data opening face? This paper shows a literature review about these security aspects

Security Aspects in Web of Data Based on Trust Principles. A brief of Literature Review

Within scientific community, there is a certain consensus to define "Big Data" as a global set, through a complex integration that embraces several dimensions from using of research data, Open Data, Linked Data, Social Network Data, etc. These data are scattered in different sources, which suppose a mix that respond to diverse philosophies, great diversity of structures, different denominations, etc. Its management faces great technological and methodological challenges: The discovery and selection of data, its extraction and final processing, preservation, visualization, access possibility, greater or lesser structuring, between other aspects, that allow showing a huge domain of study at the level of analysis and implementation in different knowledge domains. However, given the data availability and its possible opening: What problems do the data opening face? This paper shows a literature review about these security aspects