Toggle Main Menu Toggle Search

Open Access padlockePrints

Use Cases for User-Centric Access Control for the Web

Lookup NU author(s): Maciej Machulak, Professor Aad van Moorsel



The rapidly developing Web environment provides users with a wide set of rich services as varied and complex as desktop applications. Those services are collectively referred to as \Web 2.0", with examples such as Google Docs, Wikipedia, Wordpress or Flickr, that allow users to create, manage and share their content online. By switching from desktop applications to their Web equivalents more and more data gets released online. It is the user who creates data, who shares and disseminates this data, and who accesses it. Storing and sharing resources over a highly collaborative \Web 2.0" environment poses new security challenges. Access control, in particular, is currently poorly addressed in such an environment and is not well suited to the increasing amount of resources that is available online. We propose a novel approach to access control for the Web. Our approach puts a user in full control of their resources which may be scattered across multiple Web applications. Unlike existing authorisation systems, it relies on a user's centrally located security requirements for those resources. In this paper we present a set of use cases that could be addressed with our User-Centric Access Control approach. We discuss those use case scenarios from the perspective of individuals and organisations that make use of \Web 2.0" applications. We present examples of architectures that could provide required functionality of each scenario. Additionally, we discuss those use cases and point out challenges and problems that require further consideration.

Publication metadata

Author(s): Machulak M, van Moorsel A

Publication type: Report

Publication status: Published

Series Title: School of Computing Science Technical Report Series

Year: 2009

Pages: 54

Print publication date: 01/08/2009

Source Publication Date: August 2009

Report Number: 1165

Institution: School of Computing Science, University of Newcastle upon Tyne

Place Published: Newcastle upon Tyne