Research Article
On the need for user-defined fine-grained access control policies for social networking applications
@INPROCEEDINGS{10.1145/1461469.1461470, author={Andrew Simpson}, title={On the need for user-defined fine-grained access control policies for social networking applications}, proceedings={1st International ICST Workshop on Security in Opportunistic and Social Networks}, publisher={ACM}, proceedings_a={SOSOC}, year={2008}, month={9}, keywords={social networks privacy access control}, doi={10.1145/1461469.1461470} }
- Andrew Simpson
Year: 2008
On the need for user-defined fine-grained access control policies for social networking applications
SOSOC
ACM
DOI: 10.1145/1461469.1461470
Abstract
The increasing popularity in social network web sites is giving rise to new classes of security and privacy concerns. The effective management of these threats will require a three-pronged approach, involving a combination of social, legal and technical solutions. At the heart of the issue is the notion of emph{trust}: in sharing personal data, individuals are placing their trust not only in those responsible for these sites, but in other members of their virtual communities. In this paper we draw parallels with the issues of data sharing and trust that have arisen in the e-* (by which we mean e-Science, e-Research, e-Health, e-Business, etc.) arenas. Specifically, we concern ourselves with authorisation, and argue that members of such social networks should have the opportunity to construct fine-grained access control policies that meet their particular requirements and circumstances, and, in addition, should be able to observe appropriate audit information.