{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00233812","sets":["1164:6389:11481:11634"]},"path":["11634"],"owner":"44499","recid":"233812","title":["Webサービスに対する認証・認可機能アドオンサービスA+Blockの設計"],"pubdate":{"attribute_name":"公開日","attribute_value":"2024-03-14"},"_buckets":{"deposit":"d74a68a2-e8ff-4d07-8682-6750128bb2a8"},"_deposit":{"id":"233812","pid":{"type":"depid","value":"233812","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"Webサービスに対する認証・認可機能アドオンサービスA+Blockの設計","author_link":["635952","635949","635953","635946","635950","635945","635941","635944","635948","635951","635942","635938","635940","635939","635943","635947"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Webサービスに対する認証・認可機能アドオンサービスA+Blockの設計"},{"subitem_title":"Design of the Authentication and Authorization Add-on Service A+Block for Web Services","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"SPT(3)","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2024-03-14","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"神戸大学"},{"subitem_text_value":"名古屋工業大学"},{"subitem_text_value":"佐賀大学"},{"subitem_text_value":"兵庫県立大学"},{"subitem_text_value":"神戸大学"},{"subitem_text_value":"近畿大学"},{"subitem_text_value":"神戸大学"},{"subitem_text_value":"神戸大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Nagoya Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"Saga University","subitem_text_language":"en"},{"subitem_text_value":"University of Hyogo","subitem_text_language":"en"},{"subitem_text_value":"Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Kindai University","subitem_text_language":"en"},{"subitem_text_value":"Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Kobe University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/233812/files/IPSJ-SPT24054041.pdf","label":"IPSJ-SPT24054041.pdf"},"date":[{"dateType":"Available","dateValue":"2026-03-14"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-SPT24054041.pdf","filesize":[{"value":"619.8 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"c1540ff8-94f3-4be4-9180-044be9f6aef4","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"藤井, 翔太"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"掛井, 将平"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"廣友, 雅徳"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"瀧田, 愼"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"白石, 善明"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"毛利, 公美"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"葛野, 弘樹"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"森井, 昌克"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Shota, Fujii","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shohei, Kakei","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masanori, Hirotomo","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Makoto, Takita","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yoshiaki, Shiraishi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masami, Mohri","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hiroki, Kuzuno","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masakatu, Morii","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12628305","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8671","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"安全な Web サービスを実現するには，アクセスするユーザの認証・認可や攻撃性のあるリクエストの検知・遮断する Web Application Firewall（WAF）などのセキュリティ機能を適切に組み込むことが求められる．コンテンツ管理システム（CMS）のような Web サービスの開発を支援する仕組みがある一方で，セキュリティに関する知識が十分にない場合，必要なセキュリティ対策の理解と実施は容易でない．そこで本研究では，Web サービス運用者にセキュリティ機能を組み込むための知識を求めることなく，セキュリティ機能を Web サービスにアドオンする認証・認可機能アドオンサービス「A+Block」を提案する．A+Block は，保護対象の Web サービスの URL を入力するだけで認証・認可や WAF と連携する仕組みを提供する．A+Block を利用して，プロキシ経由で提供する Web サービスについて，サービスの可用性の観点で評価するために，WordPress における利用頻度が上位 30 件のプラグインを用いて作成した 30 個の Web サイトに対して検証を行い，セキュリティ機能が付与された状態でサービスの提供が可能であることを確認している．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"For realizing secure web services, it is essential to incorporate security functions such as authentication and authorization of accessing users and detection and blocking of malicious requests. Although some systems, such as Content Management Systems, support developers in developing web services, it is generally challenging for those with no technical background in security to understand and implement security measures appropriately. This research proposes A+Block, a reverse proxy-based web protection add-on service. A+Block externalizes security functions such as authentication, authorization, and Web Application Firewall (WAF); developers can attach them to web services without any modification. This paper provides a mechanism for the reverse proxy to work in cooperation with the web service by entering the web service URL to be protected. To evaluate the impact of the proposed service on web service availability, we conducted tests on 30 websites created using the top 30 most frequently used plugins in WordPress. We confirmed that A+Block can provide security functions to web services.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告セキュリティ心理学とトラスト（SPT）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2024-03-14","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"41","bibliographicVolumeNumber":"2024-SPT-54"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":233812,"updated":"2025-01-19T09:58:38.642310+00:00","links":{},"created":"2025-01-19T01:35:24.464249+00:00"}