[转载]More Content Less Control: Access Control in the Web 2.0

文章作者：Michael Hart, Rob Johnson, and Amanda Stent
原始出处：http://seclab.cs.rice.edu/w2sp/2007/

本文章是Web 2.0 Security & Privacy 2007的议题。

The popularity of social-networking sites, blogging and other content-sharing sites has exploded, resulting in more personal information and opinions being available with less access control than ever before. Many content-sharing sites provide only the most rudimentary access control: a document can be either completely private or completely public. Other sites offer the slightly more flexible private/friends/public access-control model, but this still fails to support natural distinctions users need, such as separating real-world friends from online friends. The traditional response to these privacy concerns is to post anonymously or pseudonymously, but recent psychological research shows that some Internet users do not establish separate, online personae, but instead consider their online identity as an extension of their real-life self . And although privacy expectations that users desire are easy to state, there is a large gap between the users’ mental models and the policy languages of traditional access-control systems.