A Secure Proxy-Based Cross-Domain Communication for Web Mashups

A web mashup is a web application that integrates content from heterogeneous sources to provide users with a more integrated and seamless browsing experience. Client-side mashups differ from server-side mashups in that the content is integrated in the browser using the client-side scripts. However,...

Full description

Saved in:
Bibliographic Details
Main Authors: Shun-Wen Hsiao, Sun, Y. S., Fu-Chi Ao, Meng Chang Chen
Format: Conference Proceeding
Language:eng ; jpn
Subjects:
Access control
Browsers
Generators
HTML
Mashups
same origin policy
Web pages
Web Security
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:A web mashup is a web application that integrates content from heterogeneous sources to provide users with a more integrated and seamless browsing experience. Client-side mashups differ from server-side mashups in that the content is integrated in the browser using the client-side scripts. However, the legacy same origin policy (SOP) implemented by the browsers cannot provide a flexible client-side communication mechanism to exchange information between different sources. To address this problem, we propose a secure client-side cross-domain communication model facilitated by a trusted proxy and the HTML 5 post Message method. The proxy-based model supports fine-grained access control for elements that belong to different sources in web mashups, and the design guarantees the confidentiality, integrity, and authenticity during cross-domain communications. The proxy-based design also allows users to browse mashups without installing browser plug-ins. For mashups developers, the provided API minimizes the amount of code modification. The results of experiments demonstrate that the overhead in-curred by our proxy model is low and reasonable.
DOI:10.1109/ECOWS.2011.10