Authors: Utharn Buranasaksee; Kriengkrai Porkaew; Umaporn Supasitthimethee
Addresses: School of Information Technology, King Mongkut's University of Technology Thonburi, Bangkok, 10140, Thailand ' School of Information Technology, King Mongkut's University of Technology Thonburi, Bangkok, 10140, Thailand ' School of Information Technology, King Mongkut's University of Technology Thonburi, Bangkok, 10140, Thailand
Abstract: Using web technology, a user may use a web browser to access a service on a web application that runs on a server. In many cases, a user needs to perform the task that requires the use of multiple web applications. Traditionally, a user needs to give his credentials to a third party website which leads to privacy and security issues. Though there are many existing protocols, most of them are ad hoc. Since the way a user accesses two independent web applications can be different, we define a web-based three-party communication model. After that, the well-accepted existing protocols are analysed. However, we found the common work flow in the communication though the protocols are in different scenarios. Therefore, we proposed the generalised model called Ticket model. Then, the details were discussed using a reference implementation. Finally, an accounting extension was added to the reference implementation as an example.
Keywords: generalised model; three-party authorisation; extensible; internet; web-based three-party communication; modelling; multiple web applications; privacy; security.
International Journal of Internet Protocol Technology, 2014 Vol.8 No.4, pp.159 - 168
Available online: 23 Mar 2015 *Full-text access for editors Access for subscribers Purchase this article Comment on this article