A Mobile-Based Attribute Aggregation Architecture for User-Centric Identity Management

2016 ◽  
pp. 470-492
Author(s):  
Alexandre B. Augusto ◽  
Manuel E. Correia

The massive growth of the Internet and its services is currently being sustained by the mercantilization of users' identities and private data. Traditional services on the Web require the user to disclose many unnecessary sensitive identity attributes like bankcards, geographic position, or even personal health records in order to provide a service. In essence, the services are presented as free and constitute a means by which the user is mercantilized, often without realizing the real value of its data to the market. In this chapter the authors describe OFELIA (Open Federated Environment for Leveraging of Identity and Authorization), a digital identity architecture designed from the ground up to be user centric. OFELIA is an identity/authorization versatile infrastructure that does not depend upon the massive aggregation of users' identity attributes to offer a highly versatile set of identity services but relies instead on having those attributes distributed among and protected by several otherwise unrelated Attribute Authorities. Only the end user, with his smartphone, knows how to aggregate these scattered Attribute Authorities' identity attributes back into some useful identifiable and authenticated entity identity that can then be used by Internet services in a secure and interoperable way.


2018 ◽  
Vol 7 (2.7) ◽  
pp. 320
Author(s):  
Dr JKR Sastry ◽  
N Sreenidhi ◽  
K Sasidhar

Information dissemination is taking place these days heavily using web sites which are hosted on the internet. The effectiveness and efficiency of the design of the WEB site will have great effect on the way the content hosted on the WEB can be accessed. Quality of a web site plays a vital role in making available the required information to the end user with ease, satisfying the user's content requirements. A framework has been proposed comprising 42 quality metrics using which the quality of a web site can be measured. However, computational procedures have not been stated in realistic terms. In this paper, computational procedures for measuring “usability” of a WEB site can be measured which can be included into overall computation of the quality of a web site.


10.17158/183 ◽  
2011 ◽  
Vol 17 (2) ◽  
Author(s):  
Eric John G. Emberda ◽  
Siegfried C. Capon ◽  
Johanah A. Maunda

Stealing information from a user’s computer through the Internet is a growing concern. One type of Internet attack or Cybercrime is Cross-Site Scripting or XSS. It allows an attacker to retrieve information from an Internet user by inserting a script to a vulnerable website where it automatically mines private data from the victim, then sends those data to another website. This study was conducted to examine the different vulnerable aspects of a website. A list of XSS-vulnerable websites was gathered, as well as a list of different XSS scripts. These websites were tested with the XSS scripts to determine the entry point to which the scripts can penetrate. A web proxy application was created which implements different mechanisms to prevent these XSS scripts from successfully mining private data. The web proxy application was able to minimize XSS attacks by comparing the scripts inside the website with the database of XSS scripts. The researchers, however, recommend that the process of preventing XSS scripts be improved by adding artificially intelligent algorithms that will read patterns for XSS scripts and distinguish them from safe scripts.


2004 ◽  
Vol 46 (5) ◽  
Author(s):  
Stefan Hepper

Summary: Portlets are Java technology based web components, managed by a portlet container, that process requests and generate dynamic content. They are used by portals as pluggable user interface components that provide a presentation layer to Information Systems. After servlets, portlets are the next step in web application programming, as they allow the integration of different applications into one consistent view for the end-user. They enable modular and user centric web applications and thus go beyond the servlet model where the web application is one monolithic block. In this article we present the JSR 168 Java Portlet Specification and explain its underlying concepts. We show a Portlet example and discuss how portlets interact with other Java technologies.


Author(s):  
Ganeshkumar S ◽  
Elango Govindaraju

The end-to-end encryption of connections over the internet has evolved from SSL to TLS 1.3 over the years. Attacks have exposed vulnerabilities in each upgraded version of the cryptographic protocols used to secure connections over the internet. Organisations have to keep updating their web-based applications to use the latest cryptographic protocol to ensure users are protected and feel comfortable using their web applications. But the problem is that web applications are not always standalone systems; there is usually a maze of systems that are integrated to provide services to the end user. The interactions between these systems happen within the controlled internal private network environment of the organisation, while only the front-ending web application is visible to the end user. It is not often feasible to upgrade all internal systems to use the latest cryptographic protocol for internal interfaces/integration due to the prohibitive cost of redevelopment and upgrades to infra and systems. Here we define an algorithm to set up internal & external firewalls to downgrade to a lower version of the cryptographic protocol (SSL) within the internal network for the integration/interfacing connections of internal systems while mandating the latest cryptographic protocol (TLS 1.x) for end user connections to the web application.


Author(s):  
Amruth Nag ◽  
Sowmya M S

Deceptive download buttons are those on the internet which may look like they are meant to do an action but actually do something else which is not intended by the user. Drive-by installations are extra software which is installed on a user's device without him noticing it. This paper gives information about the types of deceptive download buttons and the ways a common user can avoid clicking on such buttons while browsing the web. A few methods the advertiser may commonly use for making the end user a victim of the deceptive download buttons are discussed here. The methods by which someone can avoid these kinds of buttons are also given in this paper. An idea is given for the development of an extension to the user's browser that runs in the background. This warns the user about those buttons prior to the button being clicked. This paper also includes information about drive-by installations of bloatware and the ways in which the end users are being affected by this, how the end user can avoid being a victim of drive-by installations and an idea to develop a tool which runs in the background as a small script in the operating system which will automatically warn the user about the drive-by installations.


2020 ◽  
Vol 17 (4A) ◽  
pp. 645-654
Author(s):  
Zina Houhamdi ◽  
Belkacem Athamena

Henceforth, users agreed on the necessity of continuous Internet connection independently of the place, the manner, and the time. Nowadays, several elite services are accessible by people over the Internet of Things (IoT), which is a heterogeneous network defined by machine-to-machine communication. Despite the fact that the devices are used to establish the communication, the users can be considered as the actual producers of input data and consumers of the output data. Consequently, the users should be viewed as a smart object in IoT; therefore, user identification, authentication, and authorization are required. However, the user identification process is too complicated because the users are worried about sharing their confidential and private data. On the other hand, this private data should be used by some of their devices. Accordingly, an equitable mechanism to identify users and manage their identities is necessary. In addition, the user plays an extremely important role in the establishment of rules needed for identity identification and in ensuring the continuity of receptive services. The main purpose of this paper is to develop a new framework for Identity Management System (IdMS) for IoT. The primary contributions of this paper are: the proposition of a device recognition algorithm for user identification, the proposition of a new format for the identifier, and a theoretical framework for IdMS.

