開放授權2.0裡的使用者匿名

Abstract

近年來雲端服務及社群網站的大舉興起，同時也助長了第三方應用程式服務的蓬勃發展。而為使使用者的個人資訊能有限度地提供給第三方應用程式服務使用，而毋須將個人密碼等私密資訊完全交付予第三方應用程式服務，於是開放授權(OAuth)在2006年因應而生，提供第三方應用程式服務與擁有使用者個人資訊的網站平台如Google、Facebook等，在透過OAuth的協議之下進行授權資料的存取。然而匿名性的問題在越來越重視個人隱私的網路趨勢裡亦逐漸受重視，使用者進一步希望在使用第三方應用程式服務的當下，能夠對於擁有個人資訊的網站平台仍保有匿名性。因此在我們的研究裡，在現有OAuth協議裡的運作程序，我們加入了匿名登入與匿名存取的機制，讓使用者授權的資料存取達到相當的匿名保護。

With the bloom of cloud services and social networking sites in recent years, it also contributes to the vigorous development of third-party application services. To limit the user's personal information provided to third-party applications and without providing personal password and other private information to those services, OAuth was born in 2006 in response to provide third-party application services for accessing users’ personal information stored in website platform such as Google, Facebook, etc. over the open authorization protocol. However, Internet users pay more attention to the issues of anonymity in the network on personal privacy, and further hope in the moment to use the services of third-party applications, they can also retain anonymity of using third-party applications without being known to those website platforms. Therefore, in our study, we add the anonymous login and anonymous access mechanism into the existing OAuth protocol, so that the user authorization data access can keep a great level of anonymity. Keyword: OAuth,