Security in OpenSocial-Instrumented Social Networking Services

  • Matthias Häsel
  • Luigi Lo Iacono
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6109)


Securing social networking services is challenging and becomes even more complex when third-party applications are able to access user data. Still, adequate security and privacy solutions are imperative in order to build and maintain trust in such extensible social platforms. This paper discusses security issues in the context of OpenSocial-instrumented social networking services. It shows that the OpenSocial specification is far from comprehensive with respect to security. The resulting weaknesses and shortcomings are emphasized and discussed. Finally, the paper attempts to fill these gaps by proposing extensions to the OpenSocial specification and recommendations for social networks that implement OpenSocial.


Keywords (machine-generated, not supplied by the authors): Application Server, Social Networking Service, Social Application, Social Data, Social Graph



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Matthias Häsel, XING AG, Hamburg, Germany
  • Luigi Lo Iacono, Europäische Fachhochschule (EUFH), Brühl, Germany
