Difference between revisions of "Security & Privacy with regards to Mashups"
Liz Oldham (talk | contribs) |
Liz Oldham (talk | contribs) |
||
| Line 1: | Line 1: | ||
'''Common concepts with regards to Security and Privacy concepts -''' | '''Common concepts with regards to Security and Privacy concepts -''' | ||
-. Confidentiality | -. Confidentiality<br> | ||
-. Integrity | -. Integrity<br> | ||
-. Availability | -. Availability<br> | ||
-. Identification, Authentication, & Authorization | -. Identification, Authentication, & Authorization<br> | ||
-. Audit | -. Audit<br> | ||
-. Incident response | -. Incident response<br> | ||
-. Regulatory Compliance | -. Regulatory Compliance<br> | ||
'''Developing Areas & Questions''' | '''Developing Areas & Questions''' | ||
Latest revision as of 12:36, 11 May 2006
Common concepts with regards to Security and Privacy concepts -
-. Confidentiality
-. Integrity
-. Availability
-. Identification, Authentication, & Authorization
-. Audit
-. Incident response
-. Regulatory Compliance
Developing Areas & Questions
It has become very clear from many articles and information sites that mashup developers are generally not aware of the security or privacy implications surrounding their mashups.
Who is liable with regards to the aggregating data and managing the integrity of data for both providers and consumers?
Mashup developers may need to enter secure/prohibited fields in order to make their mashups work.
Who is responsible if security and privacy has been breached? Do mashup developers/maintainers need to notify there data sources? What would the consequences/actions be?