Security for Mashups
Security for mashups involves technologies or methods that allow integrating data or services from different sources, while protecting the security of each Web application or service from each other.
Mashup is a technique for Web applications that integrates data or functions from different sources to create a new service. An example of a mashup application is a Web-based restaurant guide, which integrates an online map service to show the locations of the restaurants, combined with blog entries that provide reviews of those restaurants. The mashup approach allows creating new applications by leveraging content and services in existing Web sites.
However, a mashup application may pose new security risks, because typical mashup applications integrate into single Web page content and services from locations with different trust levels. Hence, if any of the sources have malicious intent, then that source...
- 1.Jackson C, Wang H (2007) Subspace: secure cross-domain communication for Web mashups. 16th International World Wide Web Conference (WWW ’07). Banff, Alberta, Canada, May 8–12, 2007Google Scholar
- 2.Keukelaere FD, Bhola S, Steiner M, Chari S, Yoshihama S (2008) SMash: secure component model for cross-domain mashups on unmodified browsers. 17th International World Wide Web Conference (WWW ’08). Beijing, China, April 25–28, 2008Google Scholar
- 3.OpenAjax Hub 2.0, http://www.openajax.org/member/wiki/OpenAjax_Hub_2.0_Specification
- 5.XMLHttpRequest Level 2, http://www.w3.org/TR/XMLHttpRequest2/
- 6.Cross-Origin Resource Sharing, W3C Working Draft 17 March 2009, http://www.w3.org/TR/access-control/
- 7.HTTP access control, https://developer.mozilla.org/En/HTTP_Access_Control
- 8.Microsoft, Better Ajax Development: Windows® Internet Explorer® 8. Whitepaper, March 2008Google Scholar