{"id":"https://openalex.org/W1978639784","doi":"https://doi.org/10.1109/acsac.2008.24","title":"Please Permit Me: Stateless Delegated Authorization in Mashups","display_name":"Please Permit Me: Stateless Delegated Authorization in Mashups","publication_year":2008,"publication_date":"2008-12-01","ids":{"openalex":"https://openalex.org/W1978639784","doi":"https://doi.org/10.1109/acsac.2008.24","mag":"1978639784"},"language":"en","primary_location":{"id":"doi:10.1109/acsac.2008.24","is_oa":false,"landing_page_url":"https://doi.org/10.1109/acsac.2008.24","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2008 Annual Computer Security Applications Conference (ACSAC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076460405","display_name":"Ragib Hasan","orcid":"https://orcid.org/0000-0001-5248-8341"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ragib Hasan","raw_affiliation_strings":["Department of Computer Science, University of Illinois, Urbana-Champaign, Urbana, IL, USA","Dept of Computer Science, University of Illinois at Urbana-Champaign, Urbana, IL#TAB#"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Illinois, Urbana-Champaign, Urbana, IL, USA","institution_ids":["https://openalex.org/I157725225"]},{"raw_affiliation_string":"Dept of Computer Science, University of Illinois at Urbana-Champaign, Urbana, IL#TAB#","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011314280","display_name":"Marianne Winslett","orcid":"https://orcid.org/0000-0002-3935-7168"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Marianne Winslett","raw_affiliation_strings":["Department of Computer Science, University of Illinois, Urbana-Champaign, Urbana, IL, USA","Dept of Computer Science, University of Illinois at Urbana-Champaign, Urbana, IL#TAB#"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Illinois, Urbana-Champaign, Urbana, IL, USA","institution_ids":["https://openalex.org/I157725225"]},{"raw_affiliation_string":"Dept of Computer Science, University of Illinois at Urbana-Champaign, Urbana, IL#TAB#","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090076881","display_name":"Richard M. Conlan","orcid":null},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Richard Conlan","raw_affiliation_strings":["Google, Inc., Mountain View, CA, USA","Google Inc., Mountain View, CA#TAB#"],"affiliations":[{"raw_affiliation_string":"Google, Inc., Mountain View, CA, USA","institution_ids":["https://openalex.org/I1291425158"]},{"raw_affiliation_string":"Google Inc., Mountain View, CA#TAB#","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5098166143","display_name":"Brian Slesinsky","orcid":null},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Brian Slesinsky","raw_affiliation_strings":["Google, Inc., Mountain View, CA, USA","Google Inc., Mountain View, CA#TAB#"],"affiliations":[{"raw_affiliation_string":"Google, Inc., Mountain View, CA, USA","institution_ids":["https://openalex.org/I1291425158"]},{"raw_affiliation_string":"Google Inc., Mountain View, CA#TAB#","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5110102174","display_name":"Nandakumar Ramani","orcid":null},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nandakumar Ramani","raw_affiliation_strings":["Google, Inc., Mountain View, CA, USA","Google Inc., Mountain View, CA#TAB#"],"affiliations":[{"raw_affiliation_string":"Google, Inc., Mountain View, CA, USA","institution_ids":["https://openalex.org/I1291425158"]},{"raw_affiliation_string":"Google Inc., Mountain View, CA#TAB#","institution_ids":["https://openalex.org/I1291425158"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5076460405"],"corresponding_institution_ids":["https://openalex.org/I157725225"],"apc_list":null,"apc_paid":null,"fwci":13.0535,"has_fulltext":false,"cited_by_count":20,"citation_normalized_percentile":{"value":0.98129056,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"173","last_page":"182"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/mashup","display_name":"Mashup","score":0.8302364349365234},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7345502376556396},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6613820791244507},{"id":"https://openalex.org/keywords/delegation","display_name":"Delegation","score":0.5954098701477051},{"id":"https://openalex.org/keywords/stateless-protocol","display_name":"Stateless protocol","score":0.5602080225944519},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.4988977909088135},{"id":"https://openalex.org/keywords/login","display_name":"Login","score":0.4838787317276001},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.4314398467540741},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.4312473237514496},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.39635518193244934},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3249379098415375},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.11286547780036926},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.08076077699661255},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.07990813255310059}],"concepts":[{"id":"https://openalex.org/C196126337","wikidata":"https://www.wikidata.org/wiki/Q821080","display_name":"Mashup","level":4,"score":0.8302364349365234},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7345502376556396},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6613820791244507},{"id":"https://openalex.org/C86532276","wikidata":"https://www.wikidata.org/wiki/Q1184065","display_name":"Delegation","level":2,"score":0.5954098701477051},{"id":"https://openalex.org/C103613024","wikidata":"https://www.wikidata.org/wiki/Q230924","display_name":"Stateless protocol","level":3,"score":0.5602080225944519},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.4988977909088135},{"id":"https://openalex.org/C113324615","wikidata":"https://www.wikidata.org/wiki/Q472302","display_name":"Login","level":2,"score":0.4838787317276001},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.4314398467540741},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.4312473237514496},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.39635518193244934},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3249379098415375},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.11286547780036926},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.08076077699661255},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.07990813255310059},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/acsac.2008.24","is_oa":false,"landing_page_url":"https://doi.org/10.1109/acsac.2008.24","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2008 Annual Computer Security Applications Conference (ACSAC)","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.207.2526","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.207.2526","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://ragibhasan.com/publications/papers/hasan-acsac2009mashup.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7699999809265137,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":32,"referenced_works":["https://openalex.org/W97905028","https://openalex.org/W1506217276","https://openalex.org/W1541899491","https://openalex.org/W1737016141","https://openalex.org/W1964295419","https://openalex.org/W1982802095","https://openalex.org/W1993754788","https://openalex.org/W2010245190","https://openalex.org/W2020992910","https://openalex.org/W2022724458","https://openalex.org/W2032553192","https://openalex.org/W2047224998","https://openalex.org/W2054702684","https://openalex.org/W2100394195","https://openalex.org/W2103834013","https://openalex.org/W2120146528","https://openalex.org/W2121921277","https://openalex.org/W2131509635","https://openalex.org/W2131906261","https://openalex.org/W2143529622","https://openalex.org/W2151309220","https://openalex.org/W2156025508","https://openalex.org/W2165070700","https://openalex.org/W2170496240","https://openalex.org/W2170557676","https://openalex.org/W4248223175","https://openalex.org/W4298519275","https://openalex.org/W6604082188","https://openalex.org/W6630334447","https://openalex.org/W6637744676","https://openalex.org/W6662340334","https://openalex.org/W6678046232"],"related_works":["https://openalex.org/W3040374273","https://openalex.org/W2154270547","https://openalex.org/W3002405669","https://openalex.org/W2955572513","https://openalex.org/W66507862","https://openalex.org/W2341203197","https://openalex.org/W2112107765","https://openalex.org/W1982802095","https://openalex.org/W198308571","https://openalex.org/W3152910131"],"abstract_inverted_index":{"Mashups":[0],"have":[1],"emerged":[2],"as":[3],"a":[4,26,78,94],"Web":[5],"2.0":[6],"phenomenon,":[7],"connecting":[8],"disjoint":[9],"applications":[10,33],"together":[11],"to":[12,28,62,81,123],"provide":[13],"unified":[14],"services.":[15,48],"However,":[16],"scalable":[17],"access":[18,82,109],"control":[19,110],"for":[20,46,113],"mashups":[21,86],"is":[22],"difficult.":[23],"To":[24],"enable":[25,103],"mashup":[27,40],"gather":[29],"data":[30],"from":[31],"legacy":[32],"and":[34,44,58,88,101,107,111,125],"services,":[35],"users":[36,60],"must":[37],"give":[38],"the":[39,53],"their":[41,65],"login":[42],"names":[43],"passwords":[45],"those":[47],"This":[49],"all-or-nothing":[50],"approach":[51,80],"violates":[52],"principle":[54],"of":[55,64,93],"least":[56],"privilege":[57],"leaves":[59],"vulnerable":[61],"misuse":[63],"credentials":[66],"by":[67],"malicious":[68],"mashups.":[69],"In":[70],"this":[71],"paper,":[72],"we":[73],"introduce":[74],"delegation":[75,84,97],"permits":[76],"-":[77,87],"stateless":[79,108],"rights":[83],"in":[85,117],"describe":[89],"our":[90],"complete":[91],"implementation":[92,102],"permit-based":[95],"authorization":[96,112,116],"service.":[98],"Our":[99],"protocol":[100],"fine":[104],"grained,":[105],"flexible,":[106],"distributed":[114],"delegated":[115],"mashups,":[118],"while":[119],"minimizing":[120],"attackers'":[121],"ability":[122],"capture":[124],"exploit":[126],"users'":[127],"authentication":[128],"credentials.":[129]},"counts_by_year":[{"year":2017,"cited_by_count":2},{"year":2015,"cited_by_count":1},{"year":2014,"cited_by_count":2},{"year":2013,"cited_by_count":1},{"year":2012,"cited_by_count":2}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}