Wrox.Opensocial.Network.Programming.Apr.2009.Pdf


Grewe ffirs.tex V2 - 03/09/2009 5:15pm Page i

OpenSocial Network Programming

Introduction
Chapter 1: Social Network Programming
Chapter 2: Introduction to OpenSocial
Chapter 3: Gadget XML and Gadget API
Chapter 4: JavaScript API
Chapter 5: OpenSocial RESTful API
Chapter 6: Programming Fundamentals
Chapter 7: Sample Applications
Chapter 8: Performance, Scalability, and Monetization
Chapter 9: OpenSocial Templates, Markup, and Emerging Technologies
Index

OpenSocial Network Programming

Lynne Grewe

Wiley Publishing, Inc.
OpenSocial Network Programming

Published by Wiley Publishing, Inc., 10475 Crosspoint Boulevard, Indianapolis, IN 46256, www.wiley.com

Copyright 2009 by Wiley Publishing, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-0-470-44222-7

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1

Library of Congress Cataloging-in-Publication Data:

Grewe, Lynne, 1965-
OpenSocial network programming / Lynne Grewe.
p. cm.
Includes index.
ISBN 978-0-470-44222-7 (paper/website)
1. Online social networks — Computer software. 2. Online social networks — Design. 3. Application program interfaces (Computer software) I. Title.
HM742.G74 2009
006.7’54 — dc22
2009001915

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ, 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Trademarks: Wiley, the Wiley logo, Wrox, the Wrox logo, Programmer to Programmer, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. OpenSocial is a trademark of Google, Inc. All other trademarks are the property of their respective owners. Wiley Publishing, Inc. is not associated with any product or vendor mentioned in this book.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

To my family, Ben, Allen, and Jake, thank you for sharing this life and love with me. To my best friend and mother, Joyce, thank you for all of your love and support. To my father, Larry, and brother, Jeff, thanks for believing in me.
About the Author

Lynne Grewe, Ph.D., is founder and director of ILab at California State University East Bay, where she is a professor in Computer Science. She created the first class in a university to teach social network programming, using the platforms of OpenSocial, Facebook, and others. Previously, she worked at IBM as a media specialist. She received her Ph.D. in Electrical and Computer Engineering from Purdue. She has collaborated with numerous companies in social networking. She has published in professional journals and presented at many conferences and symposiums. Lynne has contacts in industry that are spearheading social network platforms, including Sun, Yahoo!, and Google. She is also a leader in the community developing personalization/socialization of the social network experience and is a member of the OpenSocial foundation.

Credits

Executive Editor: Carol Long
Development Editor: Kevin Shafer
Technical Editor: Ken Walton
Production Editor: Liz Britten
Copy Editor: Kim Cofer, Foxxe Editorial Services
Editorial Manager: Mary Beth Wakefield
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Executive Publisher: Barry Pruett
Associate Publisher: Jim Minatel
Project Coordinator, Cover: Lynsey Stamford
Proofreader: Josh Chase (Word One)
Indexer: J & J Indexing

Acknowledgments

I would like to thank a number of people for helping me create the best book possible. Thank you to Kevin Shafer, my development editor at Wiley, who with his considerable experience made this book shine. Thank you to Carol Long, executive acquisitions editor at Wiley, a great editor who guided me through the process. Also, thanks to the Wiley publishing team, including Sara Shlaer and Kirk Bateman.
A special thanks to Ken Walton, director of business development and chief software architect at KlickNation, who served as technical editor and spent many hours reviewing the book, making suggestions, and helping to ensure that there are no errors.

I also interviewed a number of people to create this book and want to thank the following for their invaluable assistance:

• Ken Walton, director of business development and chief software architect, KlickNation
• Cody Simms, Yahoo!, senior director, Yahoo! platforms
• Prakash Narayan, Zembly
• Jia Shen, CTO and founder, RockYou
• Lan LiaBraaten, Sara Jew-lim, Jan Penner, Google
• David Young, Slide
• Paul Linder, platform architect, hi5
• Rod Boothby, vice president, Joyent
• Ali Partovi, CEO, iLike
• Vikas Gupta, cofounder/CEO, Jambool
• Charlene Li, emerging technologies and coauthor of “Groundswell”
• Kevin Chou, CEO, Watercooler
• Rhett Mcnulty, COO, Shopit
• Stefano Pochet, Nealab Technologies, Freebar
• Jeff Roberto, Friendster
• Gina Olsen, imeem
• Pieter De Schepper, Netlog

Contents

Introduction

Chapter 1: Social Network Programming
  Social Network Platforms
    MySpace
    hi5
    orkut
    Friendster
    imeem
    Freebar
    Netlog
    Yahoo!
    Other Networks
  Social Network Applications
    Application Discovery
    Application Installation
    Application Appearance
    Control of Applications
  Making Applications Social and Viral
  Application Goals
    Growth
    Engagement
    Good Look and Feel
    Dynamic Evolution
    Self Expression
    Social Exposure
    Relationship Building
    Real-World Problem Solving
  Application Trends
    Reach (General Appeal) Applications
    Vertical (Targeted) Applications
    Template-Based Application Development
    Brand Applications
    Destination Applications
    Longer Engagement
    Use of Media