1. WWW 2007 / Track: Security, Privacy, Reliability, and Ethics Session: Defending Against Emerging Threats
Subspace: Secure Cross-Domain Communication
for Web Mashups
Collin Jackson Helen J. Wang
Stanford University Microsoft Research
helenw@microsoft.com
collinj@cs.stanford.edu
ABSTRACT
Combining data and code from third-party sources has en-
abled a new wave of web mashups that add creativity and
functionality to web applications. However, browsers are
poorly designed to pass data between domains, often forc-
ing web developers to abandon security in the name of func-
tionality. To address this deficiency, we developed Subspace,
a cros