Secure Mashups with SMash

I was doing some investigation into web service security, and ran across another nifty IBM tool: SMash. Smash (meaning secure mashups) is basically a technology designed to solve security problems when writing a mashup (a.k.a. situational application). These applications generally consume data/information from several different web services, and you need to ensure that there are measures in place to secure the data that they give to their calling applications.

Security is a concern by IT departments as mashups are typically written by non-IT staff and there is potential for leaked security. So, IBM wrote (and donated) SMash so that you can now authenticate your AJAX Web Services (Smash is javascript, so it's AJAX only at the moment). This is nifty as it appears as though you can secure your mashups by making sure that they can only access certain services you approve, or you can do other certificate based authentication.

The only issue I see with this is that it's non-standard. If the future is in services, seems like we should strive to come together and come up with a standards based way to do web service security (would WS-Security fit here?).

Well, since this is only javascript, I'm back to my research. For now, if you're interested in SMash, try out the code here (part of OpenAjax) or read more in this whitepaper from IBM.