It's been a long time since I talked about the identity of anything except people, but we should remember that everything on our networks has an identity - the devices, the services, the applications - even the data packets. I was reminded of this last week when I caught up with Ravi Ganesan, formerly CEO of TriCypher and now a Research Professor at the University of Texas San Antonio (UTSA), and CEO of SafeMashups.
This week SafeMashups announced the launch of MashSSL, what they’re calling the first trust infrastructure for mashups.
<aside> In Web development, a mashup is a Web application that combines data from one or more sources into a single integrated tool. The term Mashup implies easy, fast integration, frequently done by access to open APIs and data sources to produce results that were not the original reason for producing the raw source data. An example of a mashup is the use of cartographic data from Google Maps to add location information to real estate data, thereby creating a new and distinct Web service that was not originally provided by either source. </aside>
As Ravi pointed out, whenever a mashup is created the user can authenticate to the apps and services, but there’s no way for them to authenticate to each other – nor for any of them to authorize any of the others. To overcome this, SafeMashups has created a new protocol – MashSSL.
As Ganeshan explained it, the MashSSL protocol allows Web applications mashing through a browser to securely identify each other even in the presence of potentially untrusted intermediaries such as various forms of man in the middle (MITM) attacks, or malicious users. The key innovations of MashSSL were to use innovative cryptography to make SSL a multi-party protocol and running the protocol at the application level. Further, the standard has been designed to be implemented in a simple RESTful fashion, which optimizes Web application interactions and is the architecture of choice for many modern Web applications.
This newsletter is far too short to successfully explain the protocol, but have a look at the Web site and dig into it as far as you want. This is the protocol which will bring safe, trusted mashups to the enterprise.
Upcoming event: Registration is now open for the 8th Internet Identity Workshop to be held May 18-20 at the Computer History Museum in Mountain View California. It promises to be as exciting, interesting, thought-provoking and entertaining as IIW’s have always been. Sign up now – I have.