This paper first shows that several seemingly disparate problems, ranging from secure cross-domain authorization to policy enforcement in enterprise mashups to man-in-the-middle (MITM) attacks on federation protocols, all have as their root cause a single missing primitive. Specifically, when a user at a browser is simultaneously interacting with two web services to obtain a composite service, today's Internet architecture gives neither web service a standard, secure way to "look behind the browser" and assure itself of the identity of the other web service. Complicating matters is that in almost all cases the web services cannot, or should not, trust the user or their browser.