A Secure Proxy-Based Cross-Domain Communication for Web Mashups

Content Provider	CiteSeerX
Author	Hsiao, Shun-Wen Sun, Yeali S. Ao, Fu-Chi Chen, Meng Chang
Abstract	Abstract—A web mashup is a web application that integrates content from heterogeneous sources to provide users with a more integrated and seamless browsing experience. Client-side mashups differ from server-side mashups in that the content is integrated in the browser using the client-side scripts. However, the legacy same origin policy (SOP) implemented by the browsers cannot provide a flexible client-side communication mechanism to exchange information between different sources. To address this problem, we propose a secure client-side cross-domain com-munication model facilitated by a trusted proxy and the HTML 5 postMessage method. The proxy-based model supports fine-grained access control for elements that belong to different sources in web mashups; and the design guarantees the confiden-tiality, integrity, and authenticity during cross-domain communi-cations. The proxy-based design also allows users to browse mashups without installing browser plug-ins. For mashups de-velopers, the provided API minimizes the amount of code modifi-cation. The results of experiments demonstrate that the overhead incurred by our proxy model is low and reasonable. Web Security; access control; mashups, same origin policy I.
File Format	PDF
Access Restriction	Open
Subject Keyword	Web Mashups Secure Proxy-based Cross-domain Communication Different Source Proxy-based Design Postmessage Method Provided Api Server-side Mashups Client-side Mashups Heterogeneous Source Web Security Mashups De-velopers Web Mashup Trusted Proxy Access Control Web Application Origin Policy Fine-grained Access Control Proxy-based Model Flexible Client-side Communication Mechanism Secure Client-side Cross-domain Com-munication Model Legacy Origin Policy Code Modifi-cation Proxy Model Client-side Script Seamless Browsing Experience Cross-domain Communi-cations
Content Type	Text