One practical real-world solution to Secure Mashups
May 14th, 2007Dion Almaer points us to a recently released paper [pdf] from Collin Jackson and Helen Wang introducing their research into a new method of Secure Cross-Domain Communication for Web Mashups.
The method is designed to provide secure cross-domain scripting using the tools that are available now, so we don’t have to wait for the next generation of browsers to provide purpose-built mechanisms.
Collin and Helen, along with some other Microsoft colleagues, have also authored another paper entitled MashupOS: Operating System Abstractions for Client Mashups [pdf] that is worth reading.
Interesting that it uses frame/iframe method just like the good old days of JSRS!!!!
[…] CrossSafe apparently uses a technique similiar to that described in the Subspace document I blogged about recently. I’m looking forward to inpecting the code since there was no code released with the research paper. […]