Track: Security, Privacy, Reliability and Ethics
Paper Title:
Subspace: Secure Cross-Domain Communication for Web Mashups
Authors:
Abstract:
Combining data and code from third-party sources has enabled
a new wave of web mashups that add creativity and
functionality to web applications. However, browsers are
poorly designed to pass data between domains, often forcing
web developers to abandon security in the name of functionality.
To address this deficiency, we developed Subspace, a
novel cross-domain communication mechanism that allows
efficient communication across domains without sacrificing
security. Our prototype requires only a small JavaScript
library, and works across all major browsers. We believe
Subspace can serve as a new secure communication primitive
for web mashups.
