General

Cross Domain XHR

Cross Domain FLASH

OpenAJAX

OAuth

App to App

Kerbweb

Application to Application

The Problem

Many direct application to application communications require that transport level SSL be used. It is our experience that while the applications 'assume' that this is happening, the process is transparent to them and they are not aware whether SSL is indeed being run. Further, the responsibility for implementing this transport level SSL security may in some cases be in a different part of the organization than those responsible for the application level security.

The MashSSL Solution

MashSSL can indeed be run between two applications directly. Scrambling has to be turned off, unless there is some intermediary server acting as a trusted hub. The advantages are that the applications are now directly aware and responsible for the security of their communications. While some may view this as a disadvantage rather than an advantage, we believe that in an era of cloud computing where applications might migrate in real time from one server to another, that the notion of relying on a transport level security mechanism for application security is somewhat dated.

©2009 - 2010 Copyright SafeMashups™, Inc. All rights reserved.