Access control and Privacy in Web-based Social Networks

Web-based social networks (WBSNs) are today one of the most relevant phenomena related to the advent of Web 2.0. The purpose of this paper is to discuss main security and privacy requirements arising in WBSNs, with a particular focus on access control, and to survey the main research activities carried out in the field. The social networking paradigm is today used not only for recreational purposes; it is also used at the enterprise level as a means to facilitate knowledge sharing and information dissemination both at the internet and at the intranet level. As a result of the widespread use of WBSN services, millions of individuals can today easily share personal and confidential information with an incredible amount of (possible unknown) other users. Clearly, this huge amount of information and the ease with which it can be shared and disseminated pose serious security and privacy concerns. The paper discusses the main requirements related to access control and privacy enforcement in WBSNs. It presents the protection functionalities provided by today WBSNs and examines the main research proposals defined so far, in view of the identified requirements. The area of access control and privacy for WBSNs is new and, therefore, many research issues still remain open. The paper provides an overview of some of these new issues. The paper provides a useful discussion of the main security and privacy requirements arising in WBSNs, with a particular focus on access control. It also surveys the main research activities carried out in the field.