Cross-Platform Access Control for Mobile Web Applications

MONTELEONE, SALVATORE; PATTI, DAVIDE
2012-01-01

Abstract

Web browsers are a common platform for delivering cross-platform applications. However, they currently fail to provide consistent access control for security and privacy sensitive JavaScript APIs, such as geolocation and local storage. This problem is exacerbated by new HTML5 APIs and the increasing number of personal devices people own and use. In this paper we present the webinos platform which aims to provide a single, cross-device policy system for web applications on a wide range of web-enabled devices including TVs, smartphones, in-car systems and PCs. webinos solves the existing deficiencies in web authorisation by introducing the concept of a personal zone, the set of all devices and services owned by a particular user. All devices in this zone can synchronize their access control policies through interoperable middleware and can create flexible rules which may refer to an individual user, device or the entire zone. We provide details of the architecture and explain how our experience during design highlighted several conceptual challenges.
2012
978-1-4673-1993-5
Access control, API, middleware, policy, synchronization, web applications, webinos
Files in this product:
File: 06267999.pdf
archive managers only

Type: Publisher's version (PDF)
License: Not specified
Size: 787.63 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.11769/247603
Citations
  • Scopus 20