Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/48265
| Title: | 混搭網站中以代理伺服器為輔助的安全跨網域溝通 (A Secure Proxy-Based Cross-Domain Communication for Web Mashups) |
| Author: | Fu-Chi Ao 敖富琪 |
| Advisor: | 孫雅麗 (Yeali S. Sun) |
| Co-advisor: | 陳孟彰 (Meng-Chang Chen) |
| Keywords: | Website, mashup, browser, same-origin policy, security, proxy, access control, communication |
| Year of publication: | 2010 |
| Degree: | Master's |
| Abstract: | Web mashups, or mashups, are Web applications that integrate content from heterogeneous sources. The goal of these applications is to provide users with a more integrated, single-stop browsing experience through information sharing and analysis. A provider, itself a site, supplies content or a service to a mashup. Once a mashup has been loaded by a browser, the content that comes from a provider creates an instance on the client side. We call this instance a “mashlet”. The Web page content retrieved from the mashup hosting site (excluding the mashlets) is called the “original content”. In this thesis, for convenience, we refer to either a mashlet or the original content as an “entity”. With the rise of AJAX (Asynchronous JavaScript and XML), the client-side mashup architecture has become more and more popular. For client-side mashups to be interactive, information must be exchanged within the browser. The legacy same-origin policy (SOP) enforced by browsers governs access control in today’s browsers. Under the SOP, however, there is either all trust or no trust across entities. Therefore, the current SOP is not a flexible information-sharing policy for client-side mashups. This insufficiency neglects the need of mashup developers to finely specify the access-control policy for each of their entities. Such a policy, down to the “element level” rather than the “entity level”, serves to ensure that the properties of an element can only be read by entities from trusted domains. In this work, we propose a secure proxy-based cross-domain communication mechanism for Web mashups. Our trust model guarantees confidentiality, integrity, and authenticity for client-side mashups in the process of cross-domain information exchange. Furthermore, it provides flexible access control so that entities from different sources may have different access rights to a given element of an entity. |
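| URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/48265 |
| Full-text license: | Paid license |
| Appears in department: | Department of Information Management |

Files in this item:

| File | Size | Format | |
|---|---|---|---|
| ntu-99-1.pdf (not authorized for public access) | 3.94 MB | Adobe PDF | |

Unless their copyright terms are specifically stated otherwise, all items in this system are protected by copyright, with all rights reserved.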
