Five enterprise mashup security issues, and what to do about them

By | June 10, 2010, 6:58pm PDT

Summary: Industry veteran urges adoption of mashup security profiles to manage security in the wild, yet-to-be-tamed world of mashups.

Do enterprise mashups, which hand over control of front-end development to end users, represent a security risk? They don’t have to.

Chris Steel, a 20-year veteran of the software security industry, says many of the security challenges associated with today’s mashups can essentially be addressed by existing security approaches.

Here are the five key patterns to consider when thinking about enterprise mashup security:

  1. Authentication to multiple backend services with different credentials, authentication protocols
  2. Authorization to multiple backend services requiring attributes from disparate sources
  3. Bridging point-to-point protocol security mechanisms such as SSL
  4. Extending compliance rules and regulations out to the cloud
  5. Understanding the implications of your data being used in new ways

Steel observes that with enterprise mashups, “we are confronted with one-to-many relationships, where clients will need to supply (and servers will need to manage) multiple credentials that will be passed to back-end services. In addition, the struggle of providing and enforcing authorization also becomes more challenging as you mash different services with different authorization requirements together in one application.”

Steel advocates the adoption of “mashup security profiles” that encapsulate existing authentication mechanisms, enable the storage of credentials across disparate backend services, and manage the login sessions to those services.
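The following is an added illustration, not code from the post or from Steel, of what such a profile looks like for patterns 1 and 2 above: one server-side object maps each backend to its own authentication scheme, keeps the per-user credentials away from the front end, re-authenticates only when a backend's login session has expired, and merges authorization attributes from disparate sources. The backend names, schemes, secrets and attribute sources are constructed for the example.

```python
import base64
from dataclasses import dataclass

# Constructed example of a "mashup security profile": every backend the mashup
# calls brings its own credential type and session lifetime, and the front end
# only ever receives the headers, never the stored secrets.

@dataclass
class Backend:
    name: str
    scheme: str        # assumed schemes: "basic", "bearer" or "apikey"
    session_ttl: int   # seconds a login session to this backend stays valid

class MashupSecurityProfile:
    def __init__(self, backends, credential_store):
        self.backends = {b.name: b for b in backends}
        self.credentials = credential_store  # {(user, backend): secret}, server-side
        self.sessions = {}                   # {(user, backend): (expiry, headers)}
        self.logins = 0                      # number of backend logins performed

    def _login(self, user, backend):
        """Build the header the backend's own mechanism expects."""
        secret = self.credentials.get((user, backend.name))
        if secret is None:
            raise PermissionError(f"{user} has no credential for {backend.name}")
        self.logins += 1
        if backend.scheme == "basic":
            token = base64.b64encode(f"{user}:{secret}".encode()).decode()
            return {"Authorization": f"Basic {token}"}
        if backend.scheme == "bearer":
            return {"Authorization": f"Bearer {secret}"}
        return {"X-API-Key": secret}

    def headers_for(self, user, backend_name, now):
        """Return auth headers for one backend, logging in again only when
        that backend's session has expired (now is a Unix timestamp)."""
        backend = self.backends[backend_name]
        key = (user, backend_name)
        session = self.sessions.get(key)
        if session is None or session[0] <= now:
            session = (now + backend.session_ttl, self._login(user, backend))
            self.sessions[key] = session
        return session[1]

def authorize(user, required, attribute_sources):
    """Merge the user's attributes from disparate sources (directory, HR system,
    application database) and require every attribute the backend demands."""
    attrs = {}
    for source in attribute_sources:
        attrs.update(source.get(user, {}))
    return all(attrs.get(k) == v for k, v in required.items())
```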


Joe McKendrick is an author, consultant and speaker specializing in trends and developments shaping the technology industry.

Disclosure

Joe McKendrick

Joe McKendrick is an independent consultant, editor and speaker.

Joe has performed project work (white papers, articles, blogs, research and presentations) for the following companies in the IT marketspace:

  • CBS Interactive/CNET/ZDNet (this blog)
  • ebizQ
  • Evans Data
  • Gartner
  • IBM
  • Informatica
  • IDC
  • Microsoft
  • Systinet/HP
  • Teradata
  • Unisphere Research, a division of Information Today, Inc.
  • WebLayers

Joe has also performed research work for the following sponsoring organizations in partnership with Unisphere Research, a division of Information Today, Inc.

  • IBM
  • Luminex
  • Noetix
  • Oracle Corp.
  • Teradata
  • Informatica
  • International Oracle Users Group
  • Oracle Applications Users Group
  • Professional Association for SQL Server
  • International DB2 Users Group
  • International Sybase Users Group
  • SHARE (IBM large systems users group)

Biography

Joe McKendrick

Joe McKendrick is an author and independent analyst who tracks the impact of information technology on management and markets. Joe is co-author, along with 16 leading industry leaders and thinkers, of the SOA Manifesto, which outlines the values and guiding principles of service orientation. He also speaks frequently on Enterprise 2.0 and SOA topics at industry events and Webcasts, and serves on the program committee for this year's SOA & Cloud Symposium in London. As an independent analyst, he has also authored numerous research reports in partnership with Unisphere Research, a division of Information Today, Inc. for user groups such as SHARE, Oracle Applications Users Group, and International DB2 Users Group. In a previous life, Joe served as director of the Administrative Management Society (AMS), an international professional association dedicated to advancing knowledge within the IT and business management fields. He is a graduate of Temple University.
