Search results

1 – 10 of 89
Article
Publication date: 9 March 2015

Eugene Ferry, John O Raw and Kevin Curran

Abstract

Purpose

The interoperability of cloud data between web applications and mobile devices has vastly improved over recent years. The popularity of social media, smartphones and cloud-based web services has contributed to the level of integration that can be achieved between applications. This paper investigates the potential security issues of OAuth, an authorisation framework for granting third-party applications revocable access to user data. OAuth has rapidly become an interim de facto standard for protecting access to web API data. Vendors have implemented OAuth before the open standard was officially published. To evaluate whether the OAuth 2.0 specification is truly ready for industry application, an entire OAuth client server environment was developed and validated against the specification threat model. The research also included the analysis of the security features of several popular OAuth integrated websites and comparing those to the threat model. High-impacting exploits leading to account hijacking were identified with a number of major online publications. It is hypothesised that the OAuth 2.0 specification can be a secure authorisation mechanism when implemented correctly.

Design/methodology/approach

To analyse the security of OAuth implementations in industry, a list of the 50 most popular websites in Ireland was retrieved from the statistical website Alexa (Noureddine and Bashroush, 2011). Each site was analysed to identify if it utilised OAuth. Out of the 50 sites, 21 were identified with OAuth support. Each vulnerability in the threat model was then tested against each OAuth-enabled site. To test the robustness of the OAuth framework, an entire OAuth environment was required. The proposed solution would be composed of three parts: a client application, an authorisation server and a resource server. The client application needed to consume OAuth-enabled services. The authorisation server had to manage access to the resource server. The resource server had to expose data from the database based on the authorisation the user would be given from the authorisation server. It was decided that the client application would consume emails from Google’s Gmail API. The authorisation and resource server were modelled around a basic task-tracking web application. The client application would also consume task data from the developed resource server. The client application would also support Single Sign On for Google and Facebook, as well as a developed identity provider “MyTasks”. The authorisation server delegated authorisation to the client application and stored cryptography information for each access grant. The resource server validated the supplied access token via public cryptography and returned the requested data.

Findings

Two sites out of the 21 were found to be susceptible to some form of attack, meaning that 10.5 per cent were vulnerable. In total, 18 per cent of the world’s 50 most popular sites were in the list of 21 OAuth-enabled sites. The OAuth 2.0 specification is still very much in its infancy, but when implemented correctly, it can provide a relatively secure and interoperable authentication delegation mechanism. The IETF are currently addressing issues and expansions in their working drafts. Once a strict level of conformity is achieved between vendors and vulnerabilities are mitigated, it is likely that the framework will change the way we access data on the web and other devices.

Originality/value

OAuth is flexible, in that it offers extensions to support varying situations and existing technologies. A disadvantage of this flexibility is that new extensions typically bring new security exploits. Members of the IETF OAuth Working Group are constantly refining the draft specifications and are identifying new threats to the expanding functionality. OAuth provides a flexible authentication mechanism to protect and delegate access to APIs. It solves the password re-use across multiple accounts problem and stops the user from having to disclose their credentials to third parties. Filtering access to information by scope and giving the user the option to revoke access at any point gives the user control of their data. OAuth does raise security concerns, such as defying phishing education, but there are always going to be security issues with any authentication technology. Although several high impacting vulnerabilities were identified in industry, the developed solution proves the predicted hypothesis that a secure OAuth environment can be built when implemented correctly. Developers must conform to the defined specification and are responsible for validating their implementation against the given threat model. OAuth is an evolving authorisation framework. It is still in its infancy, and much work needs to be done in the specification to achieve stricter validation and vendor conformity. Vendor implementations need to become better aligned in order to provide a rich and truly interoperable authorisation mechanism. Once these issues are resolved, OAuth will be on track for becoming the definitive authentication standard on the web.

Details

Information & Computer Security, vol. 23 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 30 September 2013

Alan Bairner

Abstract

Purpose

The purpose of this paper is to examine the implications of the Northern Ireland Good Friday Agreement (GFA) through the lens of sport, particularly football, and with reference to theoretical literature on peace-making processes.

Design/methodology/approach

The paper is structured in such a way as to review theoretical literature, to consider the nature of the Northern Ireland problem and its implications for sport, to critique the current settlement and to demonstrate its failings using sport as an exemplar. The methods used are a critical review of relevant literature combined with reflections on the author's own involvement in sport and community relations.

Findings

The paper argues that the GFA has resulted in a consociational “solution” to the Northern Ireland problem. The example of sport, and especially the standing of the Northern Ireland football team, indicates that such a settlement fails to address the central problem of two divided communities with different political aspirations and attitudes towards national identity.

Research limitations/implications

The analysis is limited to the extent that it adopts an essentially top down approach. The findings deserve to be confirmed (or indeed refuted) at some future point by gathering data from football fans and others. However, the implications are that the terms of the GFA should be revisited in the light of evidence of the failings of the current settlement not only as found in this paper but based on recent political developments.

Practical implications

The Irish Football Association has to address the perception that appears prevalent amongst some Catholic players that they are not wanted by the national association. Politicians need to renew their efforts to create greater mutual understanding instead of fooling themselves that so long as they can talk to each other, the communities they represent will remain peaceful.

Originality/value

I doubt if any academic author has had the same degree of involvement in relation to the role of sport in the Northern Ireland peace process. What gives the paper its particular value, however, is the fact that it is probably unique in looking at sport in Northern Ireland with specific reference to political science peace-making literature.

Details

Journal of Aggression, Conflict and Peace Research, vol. 5 no. 4
Type: Research Article
ISSN: 1759-6599

Content available
Article
Publication date: 1 December 2002

Details

Disaster Prevention and Management: An International Journal, vol. 11 no. 5
Type: Research Article
ISSN: 0965-3562

Article
Publication date: 1 January 1975

Frances Neel Cheney

Abstract

Communications regarding this column should be addressed to Mrs. Cheney, Peabody Library School, Nashville, Tenn. 37203. Mrs. Cheney does not sell the books listed here. They are available through normal trade sources. Mrs. Cheney, being a member of the editorial board of Pierian Press, will not review Pierian Press reference books in this column. Descriptions of Pierian Press reference books will be included elsewhere in this publication.

Details

Reference Services Review, vol. 3 no. 1
Type: Research Article
ISSN: 0090-7324

Article
Publication date: 15 May 2007

Youngshin Hong and Eyun‐Jung Ki

Abstract

Purpose

The purpose of this paper is to investigate how public relations practitioners perceive investor relations itself and what the potential is in terms of public relations with empirical results.

Design/methodology/approach

A web‐based survey was conducted by using systematic random sampling with a probability sample of 5,000 public relations practitioners drawn from the 2004 Public Relations Society of America (PRSA) Directory. The survey consisted of three sections, investor relations functions at organizations with a multiple‐answer format, perceptions on specific activities of investor relations with a seven‐point Likert scale, and demographic information.

Findings

Practitioners conceived that counseling with top management is the most important investor relations activity and that earning a reputation for honesty is the most significant result the activity can create. Moreover, practitioners considered direct involvement with top management a highly effective investor relations strategy for achieving goals. However, for handling investor relations, practitioners showed contrary attitudes regarding qualifications and undergraduate courses, indicating that public relations qualifications would be more needed for entry‐levels, while basics for finance would be more necessary for undergraduates.

Research limitations/implications

This research acquired an extraordinarily low response rate, 3.54 percent and targeted the US public relations practitioners only.

Originality/value

This study is the first to directly investigate public relations practitioners' perceptions on investor relations as well as fairly in accordance with the current consensus that investor relations and public relations should be convergent.

Details

Corporate Communications: An International Journal, vol. 12 no. 2
Type: Research Article
ISSN: 1356-3289

Book part
Publication date: 13 July 2017

Eugene Y.J. Tee, TamilSelvan Ramis, Elaine F. Fernandez and Neil Paulsen

Abstract

This study examines how perceptions of injustice, anger, and group identification motivate follower intentions to engage in collective action against leaders. The study revolved around the Malaysian prime minister’s actions and responses toward allegations of misuse of public funds. Responses from 112 Malaysians via a cross-sectional survey revealed that follower perceptions of leader injustice are significantly related to anger toward the leader, which in turn is related to intentions to engage in collective action. The relationship between perceptions of distributive injustice and anger is moderated by group identification, while group efficacy moderates the relationship between anger and collective action intentions.

Details

Emotions and Identity
Type: Book
ISBN: 978-1-78714-438-5

Article
Publication date: 1 February 2005

Eugene H. Fram and H.J. Zoffer

Abstract

Purpose

This research study focuses on two critical questions. First, to what extent are US corporate directors now taking independent steps to protect stakeholders from future corporate débâcles, such as Enron and Tyco? Second, how have these débâcles personally impacted US corporate directors in other companies?

Design/methodology/approach

A total of 114 corporate business directors replied to a mail questionnaire.

Findings

Respondents reported that: the number of board‐initiated voluntary changes being considered is very modest; managements are not doing a good job communicating changes in internal control procedures to boards; the recent corporate débâcles caused only about 9 percent of director respondents to become uneasy about their directorships; greater “due diligence” is needed currently before accepting a board position (it is still an “honor” to be asked to join a board); some senior managers are not being realistic about the significant time commitment needed to be a director in the twenty‐first century.

Research limitations/implications

Despite the modest sample size, the very broad range of the firms’ sales data suggests that the sample may be somewhat representative of US business boards. Other studies have been based on similar size samples.

Originality/value

Recent changes in corporate governance have been less rigorous than reported, despite many press reports concluding that corporate America is in a period of accelerating change. Outside directors seem to be unwilling to confront management on critical issues. Consequently, US directors need to be more proactive in making changes, or stakeholders can look forward to continuing débâcles like Enron, Tyco, and WorldCom.

Details

Corporate Governance: The international journal of business in society, vol. 5 no. 1
Type: Research Article
ISSN: 1472-0701

Article
Publication date: 1 February 1974

Tom Schultheiss

Abstract

The following classified, annotated list of titles is intended to provide reference librarians with a current checklist of new reference books, and is designed to supplement the RSR review column, “Recent Reference Books,” by Frances Neel Cheney. “Reference Books in Print” includes all additional books received prior to the inclusion deadline established for this issue. Appearance in this column does not preclude a later review in RSR. Publishers are urged to send a copy of all new reference books directly to RSR as soon as published, for immediate listing in “Reference Books in Print.” Reference books with imprints older than two years will not be included (with the exception of current reprints or older books newly acquired for distribution by another publisher). The column shall also occasionally include library science or other library related publications of other than a reference character.

Details

Reference Services Review, vol. 2 no. 2
Type: Research Article
ISSN: 0090-7324

Content available
Book part
Publication date: 18 June 2021

Suneel Jethani

Details

The Politics and Possibilities of Self-Tracking Technology
Type: Book
ISBN: 978-1-80043-338-0

Article
Publication date: 1 February 1974

Frances Neel Cheney

Abstract

Communications regarding this column should be addressed to Mrs. Cheney, Peabody Library School, Nashville, Tenn. 37203. Mrs. Cheney does not sell the books listed here. They are available through normal trade sources. Mrs. Cheney, being a member of the editorial board of Pierian Press, will not review Pierian Press reference books in this column. Descriptions of Pierian Press reference books will be included elsewhere in this publication.

Details

Reference Services Review, vol. 2 no. 2
Type: Research Article
ISSN: 0090-7324
