Isaac's Blog: Welcome to the Future: Securing User-Centric Mashup Applications

Tuesday, April 22, 2008

Securing User-Centric Mashup Applications

Here is a little whitepaper written primarily by Sigbjorn with help from me and Eric from Galois.

Abstract

Having the ability to easily combine together information from a number of disparate input sources into a greater whole is a touted benefit of 'Web2.0' mashup applications. They have great promise as flexible, and user-tailored ways to both disseminate and collaborate on information on the web, but with today's web technology, face a number of security risks when being asked to also aggregate restricted information sources. This paper introduces the domain and what these risks are, along with suggested mashup application architectures that are more secure.

No comments:

Post a Comment

About Isaac

I'm the CEO of Tozny, an innovative security and privacy company building easy to use products. Previously, I was the Principal Investigator for Assured Information Sharing at Galois.

Cryptography: One of my focus areas is in the correct use of cryptographic protocols and algorithms and I sometimes perform security analyses of innovative products.

Android: I occasionally write software for Android. My work in this area includes a simple guided meditation program as well as encryption and password storage app, in collaboration with the OpenIntents project.

Other Software: I'm have previously authored or maintained several software packages: The Haskell Cabal, a Haskell filesystem called Halfs. I also contributed some of the original code for Debian's apt-get cryptographic signature checking.

Social Software:I'm on Twitter as well as LinkedIn. For professional relationships, please find me there. Personal friends can find me on Facebook.

Non-Geek: I really enjoy road bike racing, rock climbing, hiking, reading good books, drinking coffee, and the awesomeness of Portland, Oregon :)