METHOD FOR PROTECTING DATA IN MASHUP WEBSITES

US 20090328137A1
Filed: 06/30/2008
Published: 12/31/2009
Est. Priority Date: 06/30/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method for protecting a mashup webpage, said mashup webpage including a plurality of objects, comprising:

providing a cross-object access control policy, said cross-object access control policy governing access by individual ones of said plurality of objects to content of others of said plurality of objects;

providing a hierarchical relationship representation among objects of said mashup webpage, said hierarchical relationship representation specifying a hierarchical relationship among said plurality of mini-applications;

intercepting a content access event by a first object of said plurality of objects, said content access event requesting access to content of a second object of said plurality of objects;

ascertaining, using said cross-object access control policy and said hierarchical relationship representation, whether said content access event is permissible; and

denying said access by said first object to said content of said second object if said content access event is deemed impermissible or permissible according to said cross-object access control policy.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for protecting a mashup webpage is disclosed. The mashup webpage includes a plurality of mini-applications. The method includes intercepting a content access event by a first mini-application of the plurality of mini-applications, the content access event requesting access to content of a second mini-application of the plurality of mini-applications. The method also includes ascertaining, using a Document Mini-application Model (DOM) access control policy and a DOM model, whether the content access event is permissible. The method additionally includes denying the access by the first mini-application to the content of the second mini-application if the content access event is deemed impermissible or permissible according to the DOM access control policy.

22 Citations

View as Search Results

20 Claims

1. A method for protecting a mashup webpage, said mashup webpage including a plurality of objects, comprising:
- providing a cross-object access control policy, said cross-object access control policy governing access by individual ones of said plurality of objects to content of others of said plurality of objects;
  
  providing a hierarchical relationship representation among objects of said mashup webpage, said hierarchical relationship representation specifying a hierarchical relationship among said plurality of mini-applications;
  
  intercepting a content access event by a first object of said plurality of objects, said content access event requesting access to content of a second object of said plurality of objects;
  
  ascertaining, using said cross-object access control policy and said hierarchical relationship representation, whether said content access event is permissible; and
  
  denying said access by said first object to said content of said second object if said content access event is deemed impermissible or permissible according to said cross-object access control policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising notifying a user of said mashup webpage if said content access event is deemed impermissible according to said cross-object access control policy.
  - 3. The method of claim 1 further comprising permitting said access by said first object to said content of said second object if said content access event is deemed permissible according to said cross-object access control policy.
  - 4. The method of claim 1 wherein said content access event represents a JavaScript DOM event.
  - 5. The method of claim 1 wherein said cross-object control policy permits write access to a child object but inhibits said write access to a parent object.
  - 6. The method of claim 1 wherein said cross-object control policy permits write access to a child object but inhibits said write access to a sibling object.
  - 7. The method of claim 1 wherein said intercepting involves event hooking.
  - 8. The method of claim 1 wherein said plurality of objects represent a plurality of mini applications.
  - 9. The method of claim 1 wherein said mashup webpage is implemented via Rich Internet Application (RIA) technology.
  - 10. The method of claim 1 wherein said mashup webpage is implemented via AJAX (Asynchronous Javascript and XML) technology.

11. A method for protecting a mashup webpage, said mashup webpage including a plurality of mini-applications, comprising:
- intercepting a content access event by a first mini-application of said plurality of mini-applications, said content access event requesting access to content of a second mini-application of said plurality of mini-applications;
  
  ascertaining, using a Document Mini-application Model (DOM) access control policy and a DOM model, whether said content access event is permissible, said DOM access control policy governing access by individual ones of said plurality of mini-applications to content of others of said plurality of mini-applications said DOM access control policy, said DOM model specifying a hierarchical relationship among said plurality of mini-applications; and
  
  denying said access by said first mini-application to said content of said second mini-application if said content access event is deemed impermissible or permissible according to said DOM access control policy.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11 further comprising notifying a user of said mashup webpage if said content access event is deemed impermissible according to said DOM access control policy.
  - 13. The method of claim 11 further comprising permitting said access by said first mini-application to said content of said second mini-application if said content access event is deemed permissible according to said DOM access control policy.
  - 14. The method of claim 11 wherein said content access event represents a JavaScript DOM event.
  - 15. The method of claim 11 wherein said DOM control policy permits write access to a child mini-application but inhibits said write access to a parent mini-application.
  - 16. The method of claim 11 wherein said DOM control policy permits write access to a child mini-application but inhibits said write access to a sibling mini-application.
  - 17. The method of claim 11 wherein said intercepting involves event hooking.
  - 18. The method of claim 11 wherein said plurality of mini-applications represent a plurality of mini applications.
  - 19. The method of claim 11 wherein said mashup webpage is implemented via Rich Internet Application (RII) technology.
  - 20. The method of claim 11 wherein said mashup webpage is implemented via AJAX (Asynchronous Javascript and XML) technology.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Shun-Fa Yang, Wen-Tien Liang
Original Assignee
Shun-Fa Yang, Wen-Tien Liang
Inventors
Liang, Wen-Tien, Yang, Shun-Fa

Application Number

US12/164,904
Publication Number

US 20090328137A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/554   involving event detection a...

G06F 21/62   Protecting access to data v...

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2145   Inheriting rights or proper...

METHOD FOR PROTECTING DATA IN MASHUP WEBSITES

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR PROTECTING DATA IN MASHUP WEBSITES

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links