A secure proxy-based cross-domain communication for web mashups

  • Authors: Shun-Wen Hsiao; Yeali S. Sun; Meng Chang Chen

  • Affiliations: National Taiwan University and Academia Sinica; National Taiwan University; Academia Sinica

  • Venue: Journal of Web Engineering
  • Year: 2013

Abstract

A web mashup is a web application that integrates content from heterogeneous sources to provide users with an integrated and seamless browsing experience. Client-side mashups differ from server-side mashups in that the content is integrated in the browser using client-side scripts. However, the legacy same origin policy implemented by current browsers cannot provide a flexible client-side communication mechanism to exchange information between resources from different sources. To address this problem, we propose a secure client-side cross-domain communication mechanism facilitated by a trusted proxy and the HTML 5 postMessage method. The proxy-based model supports fine-grained access control for elements that belong to different sources in web mashups, and the design guarantees confidentiality, integrity, and authenticity during cross-domain communications. The proxy-based design also allows users to browse mashups without installing browser plug-ins. For mashup developers, the provided API minimizes the amount of code modification. The results of experiments demonstrate that the overhead incurred by our proxy model is low and reasonable. We anticipate that the proxy-based design can help mashup platform providers provide a better solution to mashup developers and users.