Secure Delegation for Web 2.0 and Mashups

Service providers are letting users completely control and use data through proxies, such as Web. 2.0 mashups. This trend is bringing renewed interest in the problem of secure distributed delegation. The paper highlights and discusses a number of new challenges for service providers and developers in creating a secure and usable delegation framework. Mashups, by their very definition, involve a man-in-the-middle. While Web Services1 using SOAP2 as a transport can provide end-to-end security services, typical Web 2.0 applications use the simpler REST-based communication approach3 that lacks a rich security infrastructure to draw upon.