{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:04:51Z","timestamp":1754157891295,"version":"3.41.2"},"reference-count":41,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2008,11,21]],"date-time":"2008-11-21T00:00:00Z","timestamp":1227225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2008,11,21]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>Web\u2010based social networks (WBSNs) are today one of the most relevant phenomena related to the advent of Web 2.0. The purpose of this paper is to discuss main security and privacy requirements arising in WBSNs, with a particular focus on access control, and to survey the main research activities carried out in the field. The social networking paradigm is today used not only for recreational purposes; it is also used at the enterprise level as a means to facilitate knowledge sharing and information dissemination both at the internet and at the intranet level. As a result of the widespread use of WBSN services, millions of individuals can today easily share personal and confidential information with an incredible amount of (possible unknown) other users. Clearly, this huge amount of information and the ease with which it can be shared and disseminated pose serious security and privacy concerns.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>The paper discusses the main requirements related to access control and privacy enforcement in WBSNs. It presents the protection functionalities provided by today WBSNs and examines the main research proposals defined so far, in view of the identified requirements.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>The area of access control and privacy for WBSNs is new and, therefore, many research issues still remain open. The paper provides an overview of some of these new issues.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>The paper provides a useful discussion of the main security and privacy requirements arising in WBSNs, with a particular focus on access control. It also surveys the main research activities carried out in the field.<\/jats:p><\/jats:sec>","DOI":"10.1108\/17440080810919468","type":"journal-article","created":{"date-parts":[[2008,11,15]],"date-time":"2008-11-15T07:05:37Z","timestamp":1226732737000},"page":"395-415","source":"Crossref","is-referenced-by-count":23,"title":["Access control and privacy in web\u2010based social networks"],"prefix":"10.1108","volume":"4","author":[{"given":"Barbara","family":"Carminati","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Elena","family":"Ferrari","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2022012620052207000_b1","doi-asserted-by":"crossref","unstructured":"Agrawal, R., Kiernan, J., Ramakrishnan, S. and Xu, Y. (2002), \u201cHippocratic databases\u201d, Proceedings of the 28th VLDB Conference, Hong Kong.","DOI":"10.1016\/B978-155860869-6\/50021-4"},{"key":"key2022012620052207000_b2","doi-asserted-by":"crossref","unstructured":"Avesani, P., Massa, P. and Tiella, R. (2005), \u201cA trust\u2010enhanced recommender system application: Moleskiing\u201d, Proceedings of ACM Symposium on Applied Computing (SAC 2005), Santa Fe, New Mexico.","DOI":"10.1145\/1066677.1067036"},{"key":"key2022012620052207000_b3","doi-asserted-by":"crossref","unstructured":"Ali, B., Villegas, W. and Maheswaran, M. (2007), \u201cA trust based approach for protecting user data in social networks\u201d, Proceedings of Conference of the Center for Advanced Studies on Collaborative research (CASCON'07), Richmond Hill, Ontario, Canada.","DOI":"10.1145\/1321211.1321251"},{"key":"key2022012620052207000_b4","doi-asserted-by":"crossref","unstructured":"Backstrom, L., Dwork, C. and Kleinberg, J. (2007), \u201cWherefore art thou R3579X? Anonymized social networks, hidden patterns, and structural steganography\u201d, Proceedings of the World Wide Web Conference (WWW'07), Banff, Alberta, Canada.","DOI":"10.1145\/1242572.1242598"},{"key":"key2022012620052207000_b5","doi-asserted-by":"crossref","unstructured":"Bell, D. and LaPadula, L. (1975), \u201cSecure computer systems: unified exposition and multics interpretation\u201d, ESD\u2010TR\u201075\u2010306, Hanscom Air Force Base, Bedford, MA.","DOI":"10.21236\/ADA023588"},{"key":"key2022012620052207000_b6","unstructured":"Berteau, S. (2007), \u201cFacebook's misrepresentation of Beacon's threat to privacy: tracking users who opt out or are not logged in\u201d, CA Security Advisor Research Blog, available at: http:\/\/community.ca.com\/blogs\/securityadvisor\/archive\/2007\/11\/29\/facebook\u2010s\u2010misrepresentation\u2010of\u2010beacon\u2010s\u2010threat\u2010to\u2010privacy\u2010tracking\u2010users\u2010who\u2010opt\u2010out\u2010or\u2010are\u2010not\u2010logged\u2010in.aspx."},{"key":"key2022012620052207000_b7","doi-asserted-by":"crossref","unstructured":"Bertino, E., Byun, J. and Li, N. (2005), \u201cPrivacy\u2010preserving database systems\u201d, Proceedings of Foundations of Security Analysis and Design III, Tutorial Lectures, Bertinoro, Italy.","DOI":"10.1007\/11554578_6"},{"key":"key2022012620052207000_b8","doi-asserted-by":"crossref","unstructured":"Beth, T., Borcherding, M. and Klein, B. (1994), \u201cValuation of trust in open networks\u201d, Proceedings of the 3rd European Symposium on Research in Computer Security (ESORICS 1994), Brighton, UK.","DOI":"10.1007\/3-540-58618-0_53"},{"key":"key2022012620052207000_b9","unstructured":"Brickley, D. and Miller, L. (2005), \u201cFOAF vocabulary specification, RDF vocabulary specification\u201d, available at: http:\/\/xmlns.com\/foaf\/0.1."},{"key":"key2022012620052207000_b10","unstructured":"Canadian Privacy Commission (2007), \u201cSocial networking and privacy\u201d, available at: www.privcom.gc.ca\/information\/social\/index_e.asp."},{"key":"key2022012620052207000_b11","doi-asserted-by":"crossref","unstructured":"Carminati, B., Ferrari, E. and Perego, A. (2006), \u201cRule\u2010based access control for social networks\u201d, Proceeding of OTM Workshop, Montpellier, France.","DOI":"10.1007\/11915072_80"},{"key":"key2022012620052207000_b12","doi-asserted-by":"crossref","unstructured":"Carminati, B., Ferrari, E. and Perego, A. (2007), \u201cPrivate relationships in social networks\u201d, Proceedings of ICDE Workshops, Istanbul, Turkey.","DOI":"10.1109\/ICDEW.2007.4400987"},{"key":"key2022012620052207000_b13","doi-asserted-by":"crossref","unstructured":"Carminati, B. and Ferrari, E. (2008a), \u201cTrust\u2010based information sharing in collaborative communities: issues and challenges\u201d, Proceeding of the Future of Trust in Computing Conference, Berlin, Germany.","DOI":"10.1007\/978-3-8348-9324-6_9"},{"key":"key2022012620052207000_b14","unstructured":"Carminati, B. and Ferrari, E. (2008b), \u201cPrivacy\u2010aware collaborative access control in web\u2010based social networks\u201d, Proceedings of the 22nd IFIP WG 11.3 Working Conference on Data and Applications Security (DBSEC2008), London, UK."},{"key":"key2022012620052207000_b15","unstructured":"Chen, L. (2006), \u201cFacebook's feeds cause privacy concerns\u201d, The Amherst Student, available at: http:\/\/halogen.note.amherst.edu\/ \u223c\u2009astudent\/2006\u20102007\/issue02\/news\/01.html."},{"key":"key2022012620052207000_b16","unstructured":"Ding, L., Zhou, L., Finin, T.W. and Joshi, A. (2005), \u201cHow the semantic web is being used: an analysis of FOAF documents\u201d, Proceedings of the 38th Hawaii International Conference on System Sciences (HICSS\u201038 2005), Hawaii."},{"key":"key2022012620052207000_b17","unstructured":"Dwyer, C., Passerini, K. and Hiltz, R.S. (2007), \u201cTrust and privacy concern within social networking sites: a comparison of Facebook and MySpace\u201d, Proceedings of the 13th Americas Conference on Information Systems proceedings, Keystone, Colorado, USA."},{"key":"key2022012620052207000_b18","unstructured":"EPIC (2008a), \u201cFacebook privacy page\u201d, available at: http:\/\/epic.org\/privacy\/facebook\/."},{"key":"key2022012620052207000_b19","unstructured":"EPIC (2008b), \u201cSocial networking privacy\u201d, available at: http:\/\/epic.org\/privacy\/socialnet\/default.html."},{"key":"key2022012620052207000_b20","unstructured":"Federal Trade Commission (2007), \u201cSocial networking sites: a parents guide\u201d, available at: www.ftc.gov\/bcp\/edu\/pubs\/consumer\/tech\/tec13.shtm."},{"key":"key2022012620052207000_b21","doi-asserted-by":"crossref","unstructured":"Ferraiolo, D.F., Sandhu, R.S., Gavrila, S.I., Kuhn, D.R. and Chandramouli, R. (2001), \u201cProposed NIST standard for role\u2010based access control\u201d, ACM Transactions Information and System Security, Vol. 4 No. 3, pp. 224\u201074.","DOI":"10.1145\/501978.501980"},{"key":"key2022012620052207000_b22","unstructured":"Ferrari, E. and Thuraisingham, B. (2000), \u201cSecure database systems\u201d, in Piattini, M. and Diaz, O. (Eds), Advanced Database Technology and Design, Artech House, Inc., Norwood, MA, pp. 353\u2010403 (Chapter 11)."},{"key":"key2022012620052207000_b23","unstructured":"Garfinkel, S. (1996), PGP: Pretty Good Privacy, O'Reilly & Associates, Inc., Sebastopol, CA."},{"key":"key2022012620052207000_b24","unstructured":"Golbeck, J.A. (2005), \u201cComputing and applying trust in web\u2010based social networks\u201d, PhD thesis, Graduate School of the University of Maryland, College Park, MD, available at: http:\/\/trust.mindswap.org\/papers\/GolbeckDissertation.pdf."},{"key":"key2022012620052207000_b25","doi-asserted-by":"crossref","unstructured":"Griffiths, P.P. and Wade, B.W. (1976), \u201cAn authorization mechanism for a relational database system\u201d, ACM Transactions on Database Systems, Vol. 1 No. 3, pp. 242\u201055.","DOI":"10.1145\/320473.320482"},{"key":"key2022012620052207000_b26","doi-asserted-by":"crossref","unstructured":"Gross, R. and Acquisti, A. (2005), \u201cInformation revelation and privacy in online social networks (The Facebook case)\u201d, Proceedings of the ACM Workshop on Privacy in the Electronic Society (WPES'05), Alexandria, VA, USA.","DOI":"10.1145\/1102199.1102214"},{"key":"key2022012620052207000_b27","unstructured":"Hay, M., Miklau, G., Jensen, D., Weis, P. and Srivastava, S. (2007), \u201cAnonymizing social networks\u201d, Technical report, University of Massachusetts Amherst, Amherst, MA."},{"key":"key2022012620052207000_b28","unstructured":"Hart, M., Johnson, R. and Stent, A. (2007), \u201cMore content \u2013 less control: access control in the web 2.0\u201d, Proceedings of the Web 2.0 Security & Privacy 2007 Workshop, Oakland, California, USA."},{"key":"key2022012620052207000_b29","unstructured":"Hogben, G. (2007), \u201cSecurity issues and recommendations for online social networks\u201d, ENISA Position Paper 1, European Network and Information Security Agency (ENISA), October, available at: www.enisa.europa.eu\/doc\/pdf\/deliverables\/enisa_pp_social_networks.pdf."},{"key":"key2022012620052207000_b30","doi-asserted-by":"crossref","unstructured":"Kamvar, S.D., Schlosser, M.T. and Garcia\u2010Molina, H. (2003), \u201cThe Eigentrust algorithm for reputation management in P2P networks\u201d, Proceedings of the 12th International World Wide Web Conference (WWW'03), Budapest, Hungary.","DOI":"10.1145\/775152.775242"},{"key":"key2022012620052207000_b31","doi-asserted-by":"crossref","unstructured":"Korolova, A., Motwani, R., Nabar, S.U. and Xu, Y. (2008), \u201cLink privacy in social networks\u201d, Proceedings of the 24th International Conference on Data Engineering (ICDE'08), Cancun, Mexico.","DOI":"10.1109\/ICDE.2008.4497554"},{"key":"key2022012620052207000_b32","doi-asserted-by":"crossref","unstructured":"Liu, K. and Terzi, E. (2008), \u201cTowards identity anonymization on graphs\u201d, Proceedings of the ACM SIGMOD Conference, Vancouver, BC, Canada.","DOI":"10.1145\/1376616.1376629"},{"key":"key2022012620052207000_b34","unstructured":"Reiter, M.K. and Stubblebine, S.G. (1997), \u201cToward acceptable metrics of authentication\u201d, Proceedings of IEEE Symposium on Security and Privacy, Oakland, CA."},{"key":"key2022012620052207000_b35","unstructured":"Sandhu, R.S., Zhang, X., Ranganathan, K. and Covington, M.J. (2006), \u201cClient\u2010side access control enforcement using trusted computing and PEI models\u201d, Journal of High Speed Networks, Vol. 15 No. 3, pp. 229\u201045."},{"key":"key2022012620052207000_b37","doi-asserted-by":"crossref","unstructured":"Sweeney, L. (2002), \u201cAchieving k\u2010anonymity privacy protection using generalization and suppression\u201d, International Journal on Uncertainty, Fuzziness and Knowledge\u2010based Systems, Vol. 10 No. 5, pp. 571\u201088.","DOI":"10.1142\/S021848850200165X"},{"key":"key2022012620052207000_b38","doi-asserted-by":"crossref","unstructured":"Verykios, V.S., Bertino, E., Fovino, I.N., Provenza, L.P., Saygin, Y. and Theodoridis, Y. (2005), \u201cState\u2010of\u2010the\u2010art in privacy preserving data mining\u201d, ACM SIGMOD Record, Vol. 3 No. 1, pp. 50\u20107.","DOI":"10.1145\/974121.974131"},{"key":"key2022012620052207000_b39","doi-asserted-by":"crossref","unstructured":"Winslett, M., Ching, N., Jones, V. and Slepchin, I. (1997), \u201cUsing digital credentials on the world wide web\u201d, Journal of Computer Security, Vol. 5 No. 3, pp. 255\u201067.","DOI":"10.3233\/JCS-1997-5307"},{"key":"key2022012620052207000_b40","unstructured":"Zheleva, E. and Getoor, L. (2007), \u201cPreserving the privacy of sensitive relationships in graph data\u201d, Proceedings of the International Workshop on Privacy, Security, and Trust in KDD (PinKDD'07), San Jose, CA."},{"key":"key2022012620052207000_b41","doi-asserted-by":"crossref","unstructured":"Zhou, B. and Pei, J. (2008), \u201cPreserving privacy in social networks against neighborhood attacks\u201d, Proceedings of the 24th International Conference on Data Engineering (ICDE'08), Cancun, Mexico.","DOI":"10.1109\/ICDE.2008.4497459"},{"key":"key2022012620052207000_frd1","doi-asserted-by":"crossref","unstructured":"McAfee, A.P. (2006), \u201cEnterprise 2.0: the dawn of emergent collaboration\u201d, MIT Sloan Management Review, Vol. 47 No. 3, pp. 21\u20108.","DOI":"10.1109\/EMR.2006.261380"},{"key":"key2022012620052207000_frd2","doi-asserted-by":"crossref","unstructured":"Staab, S., Domingos, P., Mika, P., Golbeck, J., Ding, L. and Finin, T. (2005), \u201cSocial networks applied\u201d, IEEE Intelligent Systems, Vol. 20 No. 1, pp. 80\u201093.","DOI":"10.1109\/MIS.2005.16"}],"container-title":["International Journal of Web Information Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/17440080810919468","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/17440080810919468\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/17440080810919468\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:24:56Z","timestamp":1753403096000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ijwis\/article\/4\/4\/395-415\/165219"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,11,21]]},"references-count":41,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2008,11,21]]}},"alternative-id":["10.1108\/17440080810919468"],"URL":"https:\/\/doi.org\/10.1108\/17440080810919468","relation":{},"ISSN":["1744-0084"],"issn-type":[{"type":"print","value":"1744-0084"}],"subject":[],"published":{"date-parts":[[2008,11,21]]}}}