Title: Ticket model: a generalised model for internet-based three-party authorisation systems

Authors: Utharn Buranasaksee; Kriengkrai Porkaew; Umaporn Supasitthimethee

Addresses: School of Information Technology, King Mongkut's University of Technology Thonburi, Bangkok, 10140, Thailand ' School of Information Technology, King Mongkut's University of Technology Thonburi, Bangkok, 10140, Thailand ' School of Information Technology, King Mongkut's University of Technology Thonburi, Bangkok, 10140, Thailand

Abstract: Using web technology, a user may use a web browser to access a service on a web application that runs on a server. In many cases, a user needs to perform the task that requires the use of multiple web applications. Traditionally, a user needs to give his credentials to a third party website which leads to privacy and security issues. Though there are many existing protocols, most of them are ad hoc. Since the way a user accesses two independent web applications can be different, we define a web-based three-party communication model. After that, the well-accepted existing protocols are analysed. However, we found the common work flow in the communication though the protocols are in different scenarios. Therefore, we proposed the generalised model called Ticket model. Then, the details were discussed using a reference implementation. Finally, an accounting extension was added to the reference implementation as an example.

Keywords: generalised model; three-party authorisation; extensible; internet; web-based three-party communication; modelling; multiple web applications; privacy; security.

DOI: 10.1504/IJIPT.2014.068250

International Journal of Internet Protocol Technology, 2014 Vol.8 No.4, pp.159 - 168

Received: 20 Jul 2013
Accepted: 06 Apr 2014

Published online: 08 Apr 2015 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article