Securing Social with OpenSocial and Caja

Proposal
Short form
osb2009-0241

Excerpt

Our real and online selves are quickly becoming synonymous as we share more and more of our real selves through our online presence. As containers expand the social web with implementations such as OpenSocial, security is quickly becoming a concern. As an open project, Caja meets that demand as a comprehensive tool for securing JavaScript.

This talk will explore the implementation of OpenSocial on the social web and why security considerations need to be integrated when creating open standards for this space.

Description

In an attempt to bring standards to the social web, the OpenSocial standards seek to give developers a “build once – deploy everywhere” methodology for engineering applications. With the push to merge your real-world and web personalities and personal information, the risks of insecure social habits become very clear.

While trying to create easy-to-develop application environments in a hurry, many OpenSocial containers have gone the route of using insecure iframes as their security model, often leading to the hijacking of personal information.

Caja enters as an open security solution. Providing multiple levels of JavaScript security in an open-source package, Caja delivers what was lacking in the social world – security.

This presentation will provide an overview of the Caja security model with OpenSocial standards and explore why security considerations need to be integrated when creating open standards for the social web.

Tags

security, opensocial, caja, javascript, social, standards

Speaking experience

Speaker

    Jonathan LeBlanc

    Yahoo! Developer Network

    Biography

    Jonathan LeBlanc works with the partner integration group in the Yahoo! Developer Network as a principal software engineer / technology evangelist. Focusing on partner relationships and training, as well as external developer integration, Jonathan works with and promotes emerging technologies to aid in the adoption and utilization of new social development techniques. As a software engineer, Jonathan works extensively with social interaction development on the web, developing new methods for linking social networks to drive the ideal of an open web. Prior to Yahoo!, Jonathan worked within both the media production and fantasy product development teams at CBSSports.com, where he developed products such as the Emmy Award-winning March Madness on Demand video player.