United States Patent US 9,426,152 B2: Pieczul et al.


(12) United States Patent: Pieczul et al.
(10) Patent No.: US 9,426,152 B2
(45) Date of Patent: Aug. 23, 2016
(54) SECURE TRANSFER OF WEB APPLICATION CLIENT PERSISTENT STATE INFORMATION INTO A NEW DOMAIN
(71) Applicant: International Business Machines Corporation, Armonk, NY (US)
(72) Inventors: Olgierd S. Pieczul, Dublin (IE); Mariusz Pajecki, Dublin (IE); Izabela Pogorzelska-Pieczul, Dublin (IE); Mustansir Banatwala, Hudson, NH (US)
(73) Assignee: International Business Machines Corporation, Armonk, NY (US)
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.
(21) Appl. No.: 14/326,255
(22) Filed: Jul. 8, 2014
(65) Prior Publication Data: US 2016/0014153 A1, Jan. 14, 2016
(51) Int. Cl.: H04L 29/06 (2006.01); H04L 29/08 (2006.01)
(52) U.S. Cl. CPC: H04L 63/0876 (2013.01); H04L 63/0853 (2013.01); H04L 63/168 (2013.01); H04L 67/02 (2013.01); H04L 67/2814 (2013.01)
(58) Field of Classification Search: None. See application file for complete search history.
Primary Examiner: Jeremiah Avery
(74) Attorney, Agent, or Firm: David B. Woycechowsky; David H. Judson

(57) ABSTRACT

A technique to reassign one or more stored elements of web application client state information is provided in an HTTP-based client upon receipt of an HTTP redirect in response to a request-URI. One or more stored elements associated to the request-URI are saved in or in association with the client. Upon receipt of an HTTP 301 (permanent) redirect, the client automatically reassigns (re-associates) the one or more stored elements to the redirect domain when the redirect can be verified as authentic (e.g., to originate from the application to which the client is attempting to connect).

15 Claims, 3 Drawing Sheets

[Drawing sheets 1-3. FIG. 1 labels: user, storage, client. FIG. 2 label: computer readable media. FIG. 3 labels: memory, relink code, web application client, reassignment code, state information, cache, hardware. Front-page figure and sheet 3 labels: redirect received; is system enabled?; reassign and redirect.]

SECURE TRANSFER OF WEB APPLICATION CLIENT PERSISTENT STATE INFORMATION INTO A NEW DOMAIN

BACKGROUND OF THE INVENTION

1. Technical Field

This disclosure relates generally to web application security and, in particular, to ensuring secure transfer of a web application's client persistent state information to a new domain upon receipt of an authentic HTTP redirect.

2. Background of the Related Art

One way that computers interact via networks such as the Internet is using the HyperText Transfer Protocol (HTTP) open standard designed by the World Wide Web Consortium (W3C) and standardized as Internet Engineering Task Force (IETF) RFC 2616. It is an intentionally simple and open protocol that is implemented across many heterogeneous computer systems.

A web application often needs to modify its URL structure, e.g., to point to a new domain. When the web application has active users, however, the modification of URL structure is a troublesome task. The most difficult aspect is making sure that, even if URLs change, user impact is minimal. In particular, it is important that URLs are preserved in user clients (e.g., bookmarks in web browsers, URLs in feed readers and other rich-clients that use REST-based APIs, and the like) and continue to work for at least some transition period following the change. Typically, this goal is achieved by using HTTP redirects (from an old to a new location). There are two (2) main types of redirects: temporary, when the client is instructed to temporarily use another location (e.g., for a login page or a resource), and permanent, when a resource (e.g., a web application's URL domain structure) changes permanently. As is well-known, these redirects are done through HTTP response codes, respectively, an HTTP 302 (temporary) and an HTTP 301 (permanent), which are returned from a web application to a requesting user-agent, such as a web browser.

The HTTP specification (RFC 2616) defines that on permanent redirection (the HTTP 301) "clients with link editing capabilities ought to automatically re-link references to the Request-URI to one or more of the new references returned by the server, where possible." Practically, however, clients typically ignore (some purposefully) this requirement and do not update their URL references for HTTP 301 redirection. The main reasons for this behavior are usability and security problems. Thus, for example, consider a pay-per-use internet provider (e.g., at an airport or hotel), which providers often send the HTTP 301 redirect code incorrectly. If a browser updates links for this redirection, those links would be permanently changed to the incorrect location (and thus broken). In another example, if a browser updates URIs in response to an HTTP 301, malicious open wireless hotspots or proxies would gain the ability to permanently re-link a user's bookmarks or application URLs, thus expanding the scope of

[…]

and/or remove obsolete data stored for the old application server domain. In addition, all persistent cookies that locally cache a user's state information are not reflected in the new server domain. As a consequence, and despite the authenticity of the redirect, the user may have difficulty interacting with the new (redirected) application server domain in an automated and/or seamless manner.

BRIEF SUMMARY

According to this disclosure, a client state information transfer or "reassignment" function is implemented in an HTTP-based web application client upon receipt by the client of an HTTP redirect in response to a request-URI. Typically, the request-URI is associated with an application server domain. Upon receipt an HTTP permanent redirection message, and upon confirming that the message is authentic, the web application client automatically reassigns the client state information (e.g., form elements, passwords, cookies, and the like) to the new application server domain identified in the redirect.

In operation, and upon receipt of a permanent redirect, a client user-agent that has been provisioned to implement the reassignment function determines whether the permanent redirect message is authentic, e.g., whether it is received from the application server domain to which the request-URI was directed. Preferably, this determination is made in one of several ways, e.g., evaluating whether the redirect is received in a trusted SSL connection, whether the redirect is received in a connection that, if not protected by SSL, is otherwise trusted (e.g., because the request-response is being carried out over a corporate network), or even whether a user has, upon receipt of the HTTP redirect, confirmed that reassignment should occur, or the like. In response to a determination that the permanent redirect is authentic, state information stored in the browser and associated with the old application server domain is automatically reassigned (re-associated) at the client user-agent and associated with the new application server domain.

The foregoing has outlined some of the more pertinent features of the disclosed subject matter. These features should be construed to be merely illustrative. Many other beneficial results can be attained by applying the disclosed subject matter in a different manner or by modifying the subject matter as will be described.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the subject matter and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:

FIG. 1 depicts an exemplary block diagram of a distributed data processing environment in which exemplary aspects of the illustrative embodiments may be implemented;

FIG. 2 is an exemplary block diagram of a data processing system in which exemplary aspects of the illustrative embodiments may be implemented;

FIG.
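
The reassignment decision described in the Brief Summary, as an added Python example that is not code from the patent or its applicant: it moves stored state only for an HTTP 301 that passes one of the three authenticity checks, and leaves state untouched for a 301 received over an untrusted plaintext connection. The names `Connection`, `StateStore` and `handle_redirect`, the example domains, and the rule that state already held for the new domain is kept are assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Connection:
    """How the redirect response reached the client (constructed model)."""
    tls_verified: bool = False     # certificate chain and host name validated
    trusted_network: bool = False  # e.g. a corporate network
    user_confirmed: bool = False   # user approved the reassignment prompt


@dataclass
class StateStore:
    """Client persistent state, keyed by application server domain."""
    enabled: bool = True           # the "is system enabled?" switch
    by_domain: dict = field(default_factory=dict)

    def save(self, domain, kind, name, value):
        kinds = self.by_domain.setdefault(domain.lower(), {})
        kinds.setdefault(kind, {})[name] = value

    def get(self, domain):
        return self.by_domain.get(domain.lower(), {})


def is_authentic(request_uri, conn):
    """Any one of the three signals named in the Brief Summary suffices."""
    # A TLS claim only counts if the request itself went to an https URI.
    over_tls = conn.tls_verified and urlsplit(request_uri).scheme == "https"
    return over_tls or conn.trusted_network or conn.user_confirmed


def handle_redirect(store, status, request_uri, location, conn):
    """Decide whether stored state moves to the redirect domain.

    Returns (reassigned, reason). The redirect itself may still be followed;
    only the persistent re-association is gated here.
    """
    old = urlsplit(request_uri).hostname
    new = urlsplit(location).hostname  # None for a relative Location
    if not store.enabled:
        return False, "reassignment disabled"
    if status != 301:
        return False, "not a permanent redirect"
    if not old or not new or old == new:
        return False, "no domain change"
    if not is_authentic(request_uri, conn):
        return False, "redirect not verified as authentic"
    moved = store.by_domain.pop(old, None)
    if not moved:
        return False, "no stored state for old domain"
    target = store.by_domain.setdefault(new, {})
    for kind, items in moved.items():
        bucket = target.setdefault(kind, {})
        for name, value in items.items():
            # Assumption: state already held for the new domain is kept.
            bucket.setdefault(name, value)
    return True, f"state reassigned from {old} to {new}"


def demo():
    """Constructed scenarios: untrusted 301, temporary redirect, real move."""
    store = StateStore()
    store.save("app.old.example", "cookies", "session_pref", "dark")
    store.save("app.old.example", "passwords", "alice", "<stored-secret>")
    store.save("app.new.example", "cookies", "session_pref", "light")
    results = [
        # 301 seen on an open, unencrypted network: state must not move.
        handle_redirect(store, 301, "http://app.old.example/inbox",
                        "http://portal.hotspot.example/", Connection()),
        # 302 is temporary, even over verified TLS.
        handle_redirect(store, 302, "https://app.old.example/inbox",
                        "https://login.old.example/",
                        Connection(tls_verified=True)),
        # Permanent redirect over a verified TLS connection.
        handle_redirect(store, 301, "https://app.old.example/inbox",
                        "https://app.new.example/inbox",
                        Connection(tls_verified=True)),
    ]
    return store, results


if __name__ == "__main__":
    for reassigned, reason in demo()[1]:
        print(reassigned, reason)
```
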