Security Task Force Progress on Mashup Authentication and Authorization

Blogged by: Jon Ferraiolo on March 28, 2009 at 9:23 am

At the beginning of 2009, the Security Task Force at OpenAjax Alliance launched a new initiative around Mashup Authentication and Authorization, with an emphasis on single sign-on workflows. The goal of this initiative is to perform a deep study of real-life use cases of technologies in use today, such as login/password dialogs, OpenID, SAML, and OAuth, and then develop a set of incremental technical standards (if necessary), best practices, and educational sample applications. The focus is on how these technologies relate to the Alliance’s key mashup technologies, OpenAjax Hub 2.0 and OpenAjax Widgets.

One of the complexities with today’s single sign-on technologies (OpenID, SAML and OAuth) is their use of URL redirection. In typical practice, these technologies require that the Web page be redirected from the host application server to some other server(s) (e.g., an OpenID server) and back again. It is technically difficult to combine these redirection-oriented approaches with IFRAME isolation approaches to mashup security, such as the one used by OpenAjax Hub 2.0, particularly when attempting to achieve interoperable mashups and widgets (i.e., components that work across multiple different products from multiple vendors).

As of March 2009, the Security Task Force has sketched out sample workflows and has developed initial versions of sample applications that illustrate some techniques for combining OpenAjax Hub 2.0 with single sign-on technologies. The sample applications will be finished in the spring of 2009 and will show how to use single sign-on techniques in conjunction with both OpenAjax Hub 2.0 and OpenAjax Widgets.
