New security standard MashSSL builds application trust
A proposed new standard called MashSSL could eliminate the security concerns
IT Best Practices Alert
By Linda Musthaler, Network World, 03/30/2009
The concept of drawing data from multiple applications to feed another application or report is nothing new. Programmers have
been doing this for decades. A new twist to this old concept is to use the Web to aggregate data and logic from different
applications – often from different service providers – to populate a new application. In Web 2.0 terminology, this is called
a “mashup.”
Mashups are gaining widespread popularity, especially with consumer-oriented applications. For example, on Starbucks.com,
you can enter a zip code to find a nearby location. A mashup aggregates data that builds a map showing locations of the closest
stores, as well as a list of events scheduled for each store. All the data is assembled on the fly based on the zip code you
enter.
Mashups are making their way into business-oriented applications, too, as they offer the promise of faster deployment of business
functionality. Mashup technologies can combine internal data or services with external information or services to quickly
create a new service for the business user. For example, an oil field services company has a database of all the locations
of its wellheads. By combining the internally-owned GPS location data with externally-provided satellite images, an engineer
sitting at his desk can view the area surrounding the wellhead to visually survey the right-of-way area around the wellhead.
While business professionals may view mashups as a quick way to get new and beneficial functionality out of their business
applications, chief security officers (CSOs) lose sleep over the thought of implementing mashups. Why? Because they provide
new opportunities for an attack on the enterprise, for data theft, and for compromised desktops. The problem is that mashups
occur at the application layer, and there’s currently no standard for authenticating applications to ensure trust. On the
contrary, it is quite easy to inject bad data or steal good data because the applications can’t “peek behind the browser”
to see who is really sitting at the wheel.
A new startup company, SafeMashups, has looked at this problem from all angles and is proposing a new protocol for mashups based on the already widely accepted
standard of Secure Sockets Layer (SSL). The MashSSL protocol provides a standardized way for Web applications to securely identify each other when mashing through a potentially
untrusted browser.
Linda Musthaler is a principal analyst with Essential Solutions Corporation.