Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web-key: Mashing with Permission Highlights and examples from the paper, and an open discussion.

Published byKaitlyn Jackson Modified over 10 years ago

Similar presentations

Presentation on theme: "Web-key: Mashing with Permission Highlights and examples from the paper, and an open discussion."— Presentation transcript:

1 web-key: Mashing with Permission http://waterken.sf.net/web-key/ Highlights and examples from the paper, and an open discussion

2 Security vs. the Web Casualties of the username/password: –Global identification Sharing a resource by passing a URL –Orthogonality Hypertext can refer to a resource by URL only –Global scope A URL means the same thing everywhere Got us the Same Origin Policy

3 Security vs. the Web … and often doesnt actually result in the security we wanted –Loss of global identification User revolt to something you know –Loss of orthogonality Pervasive prompting => phishing –Loss of global scope XSRF: this global identifier means something different when you use it –My Access Control List doesnt control access?

4 The Web with security What security properties can we add to the Web without breaking it and would they be useful in real applications? –A URL is a lot like a reference. –Capability-security gets its security from enforcing the properties of references. –Check the protocols and clients to see if its a good fit.

5 The Web as capability system Referer header almost makes the Web a dynamically scoped language Some referential integrity from HTTPS Windowing API in the browser is hysterical –Survivable, but does require some care Address bar shows reference bits –Can mitigate or ignore if no ones looking

6 https://yurl.net/-/#kzqxsxbub4742a Global Id, Orthogonality, Global Scope Global id = Just click Orthogonality = No prompting Global scope = no XSRF Global scope = no need for Same Origin Global id = fine grained access for mashup

Download ppt "Web-key: Mashing with Permission Highlights and examples from the paper, and an open discussion."

Similar presentations

Catalog REST for data providers ECHO Technical Interchange 04/30/13 3:15pm EST Doug Newman.

Catalog REST for data providers ECHO Technical Interchange 04/30/13 3:15pm EST Doug Newman.
A Guide to Digital Campus

A Guide to Digital Campus
Installation Procedure for Synapse PACS version (Windows XP)

Installation Procedure for Synapse PACS version (Windows XP)
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Dynamic Pharming Attacks and Locked Same-Origin Policies For Web Browsers Chris Karlof, J.D. Tygar, David Wagner, Umesh Shankar.

Dynamic Pharming Attacks and Locked Same-Origin Policies For Web Browsers Chris Karlof, J.D. Tygar, David Wagner, Umesh Shankar.
Novell from Home Net Storage. Novell access via NetStorage 1-Web Interface Connect to your shared drive through your web browser Windows, Mac or Linux.

Novell from Home Net Storage. Novell access via NetStorage 1-Web Interface Connect to your shared drive through your web browser Windows, Mac or Linux.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Design Aspects. User Type the URL address on the cell phone or web browser Not required to login.

Design Aspects. User Type the URL address on the cell phone or web browser Not required to login.
Introduction to Management Information Systems Chapter 5 Data Communications and Internet Technology HTM 304 Fall 07.

Introduction to Management Information Systems Chapter 5 Data Communications and Internet Technology HTM 304 Fall 07.
Downloading and Installing AutoCAD Architecture 2015 This is a 4 step process 1.Register with the Autodesk Student Community 2.Downloading the software.

Downloading and Installing AutoCAD Architecture 2015 This is a 4 step process 1.Register with the Autodesk Student Community 2.Downloading the software.
Spendvision Approvals Presentation Julie McConnell Spendvision Administrator.

Spendvision Approvals Presentation Julie McConnell Spendvision Administrator.
SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004

SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004
The Internet & Web Browsers Business Webpage Design Kelly Seale.

The Internet & Web Browsers Business Webpage Design Kelly Seale.
Scope The eInvoicing project was created to meet the Local Regulations for invoicing and tax reporting effective on May 2009, which requires that all the.

Scope The eInvoicing project was created to meet the Local Regulations for invoicing and tax reporting effective on May 2009, which requires that all the.
1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.

1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.
Moodle site sign in instructions..  To restate the definition of Moodle from their web site Moodle is an Open Source Course Management System (CMS),

Moodle site sign in instructions..  To restate the definition of Moodle from their web site "Moodle is an Open Source Course Management System (CMS),
The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.
Online Open Enrollment with HRC Total Solutions Online Enrollment in your Health Savings Account (HSA)

Online Open Enrollment with HRC Total Solutions Online Enrollment in your Health Savings Account (HSA)
eService Ticket Management Shortcut

eService Ticket Management Shortcut
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Similar presentations

Ads by Google