User-managed access to web resources.

ABSTRACTWeb 2.0 technologies have made it possible to migrate traditional desktop applications to the Web, resulting in a rich and dynamic user experience and in expanded functionality. Individuals can create and manage their content online, and they are not only consumers of Web services, but also active participants on the Web platform. As a result, potentially large amounts of personal, sensitive, and valuable data is put online, spread across various Web services. Users sometimes share this data with other users and services on the Web, but are also concerned about maintaining privacy and sharing their data securely. Currently, users must use diverse access control solutions available for each Web service to secure data and control its dissemination. When such mechanisms are used on a daily basis, they add considerable overhead, especially since these mechanisms often lack sophistication with respect to functionality as well as user interfaces. To alleviate this problem, we discuss a novel approach to access management for Web resources that includes a user as a core part of its model. The proposal puts the user in charge of assigning access rights to resources that may be hosted at various Web applications. It facilitates the ability of users to share data more selectively using a centralized authorization manager which makes access decisions based on user instructions.