University of Idaho
Mashups have emerged as a web 2.0 phenomenon, connecting disjoint applications together to provide unified services. However, scalable access control for mashups is difficult. To enable a mashup to gather data from legacy applications and services, users must give the mashup their login names and passwords for those services. This all-or-nothing approach violates the principle of least privilege and leaves users vulnerable to misuse of their credentials by malicious mashups. In this paper, the authors introduce delegation permits - a stateless approach to access rights delegation in mashups - and describe their complete implementation of a permit-based authorization delegation service.