Secure Delegation for Web 2.0 and Mashups A Position Statement for the 2008 Workshop on Web 2.0 Security And Privacy

Service providers are letting users completely control and use data through proxies, such as Web. 2.0 mashups. This trend is bringing renewed interest in the problem of secure distributed delegation. We highlight and discuss a number of new challenges for service providers and developers in creating a secure and usable delegation framework: • Wire protocols securely authenticating the consumer without compromising the consumer’s credentials • Usability of delegation protocols for non-trivial mashups • Protection from phishing and related attacks • Access control based on fine grained delegation of access rights specified by users • Enabling legacy systems, including existing RSS and ATOM servers, to support limited delegation, and • A web programming model that supports a usable delegation model.