Make mashups secure
- TAGS:Mashup SSL, mashups, Ravi Ganesan, Safe Mashups
- IT TOPICS:Cloud Computing, Development, E-Business, Web Apps
Mashups remain an exciting programming opportunity for business and they're being touted by major app/dev vendors. Indeed, mixing data from multiple sources and leveraging applications across the Internet can be exhilarating. It's also fraught with danger.
Some months ago I wrote that mashups are potential security nightmares. I also pointed to a couple of efforts to fix the problem. Today's news might be the most ambitious effort yet to lock down mashups.
Safe Mashups Inc. in San Antonio, Tex. is proposing a standard called MashSSL, a multi-party encryption protocol based on the two-way SSL protocol.
According to CEO Ravi Ganesan, "We reuse every last bit of SSL." He says that's because "it takes about a decade" before cryptographers begin to trust a protocol. If secure mashups are to become real, a multi-party secure protocol has to become available quicker than that.
To further the standard effort, Safe Mashups is releasing its MashSSL Web Toolkit royalty free to developers. Sounds pretty good.
Ganesan also says that today the company is launching its Safe Mashups Community Service. The service is where companies would turn to for "access control lists in the cloud." That is, a white list of safe mashups vetted by industry will be located there.
Here's hoping Professor Ganesan (he also teaches at the University of Texas) gets his wish and mashups become safe soon.
Free Insider Guide