DigiCert SSL certificates to be supported by SafeMashups MashSSL Web Toolkit
Lindon, UT, May 21, 2009 -- DigiCert Inc., a leading provider of SSL certificates, and Safe Mashups Inc., an application authentication pioneer, today announced a partnership under which DigiCert certificates can be used with the SafeMashups MashSSL Web ToolKit to protect emerging Web 2.0 protocols that require applications to build a trusted pipe to each other while communicating through a third party user.
"The recent session fixation vulnerability discovered in OAuth is a perfect example of the sort of vulnerabilities that arise when two web services have to communicate via a potentially untrusted user", said Ravi Ganesan, Founder and CEO, SafeMashups Inc. "We are pleased to partner with a market leader like DigiCert to spur on the adoption of the emerging MashSSL standard, the use of which is a quick way to solve this problem without using a new proprietary cryptographic protocol or requiring a new trust infrastructure."
Because DigiCert Root Certificates will be supported within the SafeMashups Community Service (SCS) and the MashSSL Web ToolKit, DigiCert will be able to offer certificates to MashSSL community members upon request. MashSSL compatible certificates issued by DigiCert can be used with the royalty-free MashSSL Web Toolkit to create a trusted pipe between web services communicating through a user's browser.
"The lack of a standard and secure approach to building a trusted pipe between your web service and that of your business partners through a potentially untrusted user is a common problem that the innovative MashSSL technology protects against," explained Christopher Skarda, DigiCert's Vice President of Operations. "What is most interesting about MashSSL is that it requires no changes in the underlying protocol, and there is no end user impact. For instance, web services using OAuth can establish a MashSSL session and then simply use their existing OAuth implementation without any changes to that protocol, or any changes to the browser."
DigiCert and SafeMashups have both reiterated their commitment to working through the standards process with other partners to make the MashSSL specification an open standard.