Privacy-aware identity management for client-side mashup applications

Saman Zarandioon, Danfeng Yao, Vinod Ganapathy
2009 Proceedings of the 5th ACM workshop on Digital identity management - DIM '09  
This paper concerns the problem of identity management in modern Web-2.0-based mashup applications. Identity management supports convenient access to information when mashups are used in sensitive environments, such as banking, investment and online shopping, by providing services such as single sign-on. We present Web2ID, a new identity management protocol tailored for mashup applications. Web2ID leverages a secure mashup framework and enables transfer of credentials between a service provider and a consumer. We also describe a new relay framework in which communication between two service providers is mediated by a relay agent within the mashup. We show that Web2ID is privacy-preserving and prevents service providers from learning a user's surfing habits. We present an implementation of Web2ID and the relay framework using a JavaScript-based library that executes within the browser. Our implementation does not require client-side changes and is therefore fully compatible even with legacy browsers. We also highlight the key challenges faced in creating a portable, in-browser library to support identity management in mashups.
doi:10.1145/1655028.1655036 dblp:conf/dim/ZarandioonYG09 fatcat:wuysrdvdyzgalo32twfpak34fm