Beyond User-to-User Access Control for Online Social Networks

With Hie development of Web 2.0 technologies, online. social networks are able to provide open platforms to enable the seamless sharing of profile data to enable developers to interface and extend the social network services as applications (or APIs). At, the same time, these open interfaces pose serious privacy concerns as third party applications are usually given full read access to the user profiles. Current, related research has focused on mainly user-to-user interactions in social networks, mid seems to ignore the third party applications. In this paper, we present an access control frame-work to manage the. third party to user interactions. Our framework is based on enabling the user to specify the data attributes to be shared with the application and at the same time be able to specify die degree of specificity of the shared attributes. We, model applications as finite state machines, and use the required user profile attributes is conditions governing the application execution. We formulate the minimal attribute generalization problem and we propose a solution that maps the problem to the shortest path problem to find the minimum set, of attribute generalization required to access the application services.