End-to-End Security for Enterprise Mashups

Mashups are gaining momentum as a means to develop situational Web applications by combining different resources (services, data feeds) and user interfaces. In enterprise environments, mashups are recently used for implementing Web-based business processes, however, security is a major concern. Current approaches do not allow the mashup to securely consume services with diverse security requirements without sharing the credentials or hard-coding them in the mashup definition. This paper presents a solution to integrate security concerns into an existing enterprise mashup platform. The paper provides an extension to the language and runtime and proposes a Secure Authentication Service (SAS) to seamlessly facilitate secure authentication and authorization of end-users with the services consumed in the mashup.