Abstract
Mashups are gaining momentum as a means to develop situational Web applications by combining different resources (services, data feeds) and user interfaces. In enterprise environments, mashups have recently been used to implement Web-based business processes; however, security is a major concern. Current approaches do not allow a mashup to securely consume services with diverse security requirements without sharing credentials or hard-coding them in the mashup definition. In this paper, we present a solution to integrate security concerns into an existing enterprise mashup platform. We provide an extension to the language and runtime and propose a Secure Authentication Service (SAS) to seamlessly facilitate secure authentication and authorization of end-users with the services consumed in the mashup.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rosenberg, F., Khalaf, R., Duftler, M., Curbera, F., Austel, P. (2009). End-to-End Security for Enterprise Mashups. In: Baresi, L., Chi, CH., Suzuki, J. (eds) Service-Oriented Computing. ServiceWave ICSOC 2009 2009. Lecture Notes in Computer Science, vol 5900. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10383-4_28
DOI: https://doi.org/10.1007/978-3-642-10383-4_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10382-7
Online ISBN: 978-3-642-10383-4
eBook Packages: Computer Science (R0)