| Summary: | 碩士 === 輔仁大學 === 資訊工程學系 === 98 === In the Web 2.0 Environment, user contents are aggregated through mashup. To ensure the security and privacy of the aggregated contents is an importance issue for service providers. With the OAuth support, content provider and content consumer could retrieve the content under owner’s approval. But OAuth does not deal with the following three relations at present: the relation between content owner and users; the relation between different content providers; and the relation between aggregated contents and the content users.
The authorization server (AS) can be independent from the content provider services under OAuth 2.0. Content providers deploy the authorization rules on AS, and then AS could have more rooms for consideration in authorization decisions. AS could export authorization rules to other services. The consumer could make a decision while it shares the aggregated contents to other service according to the authorization rule that AS provided. In this thesis, we implement an AS prototype, and design the data structure of the authorization rule which is convenience for other services to deploy.
This research analyze the relations about the content; associate the authorization rules from the content providers; identify the authorization conflict; notify the content owner, and make a decision when the contents are shared to other users. We made a mashup among Facebook, Google Health and Social Health Space, and implemented an AS prototype to verify the feasibility of the proposed mechanism.
|
|---|
