[Project Closed] From Jan. 2008 to Dec. 2010 at the Department of Information Management, National Taiwan University, as a PhD candidate under the supervision of Dr. Yeali S. Sun.
Problem. A web mashup is a web application that integrates content from heterogeneous sources to provide users with a more integrated and seamless browsing experience. Client-side mashups differ from server-side mashups in that the content is integrated in the browser using client-side scripts. However, the legacy same-origin policy (SOP) implemented by browsers cannot provide a flexible client-side communication mechanism for exchanging information between different sources. In the past, web mashups offered only an all-trust or a no-trust model, which makes it hard for mashup developers to control their privacy.
Goal. I propose a secure client-side cross-domain communication model facilitated by a trusted proxy and the HTML5 postMessage method. The proxy-based model supports fine-grained access control for elements that belong to different sources in web mashups, and the design guarantees confidentiality, integrity, and authenticity during cross-domain communications. The proxy-based design also allows users to browse mashups without installing browser plug-ins. For mashup developers, the provided API minimizes the amount of code modification.
Implementation. Four parties are involved in a web mashup: user, proxy, integrator and provider. The figure below shows the interaction between these parties while performing a cross-domain communication under fine-grained control.
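A sketch of the receiving side of element-level access control over postMessage, added here as an illustration; it is not the API or code from this project or its papers. The policy table, origins, element selectors and the `authorize` function are all hypothetical.

```javascript
// Hypothetical policy: which provider origin may do what to which
// integrator element. Origins and selectors are constructed samples.
const POLICY = {
  "https://maps.provider.example": {
    "#address": ["read"],
    "#map-pane": ["read", "write"],
  },
  "https://ads.provider.example": { "#ad-slot": ["write"] },
};

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Decide whether a message may act on an element.
// `event` has the shape of a browser MessageEvent: { origin, data }.
function authorize(policy, event) {
  // event.origin is filled in by the browser, not by the sender, so it is
  // the sender identity to trust. Match it exactly: substring or suffix
  // checks accept look-alike hosts.
  if (typeof event.origin !== "string" || !own(policy, event.origin)) {
    return { allow: false, reason: "unknown origin" };
  }
  const msg = event.data;
  if (msg === null || typeof msg !== "object" ||
      typeof msg.target !== "string" || typeof msg.action !== "string") {
    return { allow: false, reason: "malformed message" };
  }
  // Default deny: an element with no rule for this origin grants nothing.
  const rules = policy[event.origin];
  const granted = own(rules, msg.target) ? rules[msg.target] : [];
  if (!granted.includes(msg.action)) {
    return { allow: false, reason: "not permitted" };
  }
  return { allow: true, reason: "ok" };
}

// Browser wiring; skipped when no window exists (for example under Node).
if (typeof window !== "undefined") {
  window.addEventListener("message", (event) => {
    if (!authorize(POLICY, event).allow) return; // drop unauthorised requests
    // Perform the action here, then answer with an explicit target origin,
    // never "*": event.source.postMessage(reply, event.origin);
  });
}
```

This covers only the access-control decision in the receiving page; the confidentiality, integrity and authenticity guarantees described above come from the proxy design, which this sketch does not model.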
- Shun-Wen Hsiao, Yeali S. Sun, and Meng Chang Chen, “A Security Proxy-Based Cross-Domain Communication for Web Mashups,” Journal of Web Engineering, vol. 12, no. 3-4, pp. 291-316, Jul. 2013. (SCI, IF: 0.361)
- Shun-Wen Hsiao, Yeali S. Sun, Fu-Chi Ao, and Meng Chang Chen, “A Secure Proxy-Based Cross-Domain Communication for Web Mashups,” in Proc. 2011 IEEE 9th European Conference on Web Services (ECOWS), Lugano, Switzerland, Sep. 2011, pp. 57-64. (EI)