
3.1.2 Collaborative Editing

Information which appears as a single source or article is edited by multiple, possibly unnamed and untraceable, users. The best-known example of this is Wikipedia.

3.1.3 Embedded Widgets

A single web page contains JavaScript or Ajax applications from multiple origins. Each of these may need to communicate with multiple servers or other widgets on the page in order to function. An example of this pattern is the widgets found in social networking applications such as Facebook and MySpace. Online advertising is another example, since advertisements are usually served by a third party but need to take into account other content on the page in order to personalise the advertisements. Often widgets are developed with a limited life span, e.g. complex Flash ads.

Web 2.0 Security and Privacy 12

[Figure labels: Information consumer; Browser; Source 1; Source 2; Source 3; Source 4]

3.1.4 Portability of Access Rights

Any sensitive information which is syndicated through RSS or otherwise passes through multiple applications in a chain of Web 2.0 services may also be subject to access control and authorisation rules. A classic example of this is the export of social networking data where privacy rules and controls have been set.

[Figure labels: Server 1; Server 2; Widget 1, Origin Domain 1, communicates with Server 1, Server 2; Widget 2, Origin Domain 2, communicates with Server 1, Server 2]

3.1.5 Delegation of Authorisation Rights

Web 2.0 applications which aggregate other services often need authorisation to access sensitive information. A classic example is the delegation of authorisation to access an email address book to a social networking application. Another example is a service which aggregates different Internet banking services into one page.

[Figure labels: Web Provider 1; Access Control Rules; Data; User; Limited Access Ticket; Web Application; Widget; Personal Data]
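
The address book delegation described in 3.1.5, sketched as an added example that is not part of the original report: the web provider mints a signed limited access ticket naming the user, the client application, the granted scope and an expiry, and checks all four on every request. The ticket format, the key, the scope strings and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption); a real provider keeps its key server-side only.
PROVIDER_KEY = b"constructed-demo-key"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def sign(body: str) -> str:
    return b64url(hmac.new(PROVIDER_KEY, body.encode(), hashlib.sha256).digest())


def issue_ticket(user, client, scopes, ttl, now=None):
    """Provider side, after user consent: mint a ticket limited by client, scope and time."""
    now = time.time() if now is None else now
    claims = {"user": user, "client": client,
              "scopes": sorted(scopes), "exp": int(now) + ttl}
    body = b64url(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{sign(body)}"


def check_ticket(ticket, client, needed_scope, now=None):
    """Provider side, per request: return the claims if authorised, else None."""
    now = time.time() if now is None else now
    try:
        body, tag = ticket.split(".")
        if not hmac.compare_digest(tag, sign(body)):
            return None  # forged or modified ticket
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None  # malformed ticket
    if claims["client"] != client or now >= claims["exp"]:
        return None  # presented by a different application, or expired
    if needed_scope not in claims["scopes"]:
        return None  # the delegation does not cover this resource
    return claims


if __name__ == "__main__":
    t = issue_ticket("alice", "social-app", ["addressbook:read"], ttl=600)
    print(check_ticket(t, "social-app", "addressbook:read"))  # claims dict
    print(check_ticket(t, "social-app", "mail:read"))         # None
```

The signature covers the scope list, so an aggregating application cannot widen its own ticket without the provider's key.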