Web applications can be downloaded to a device over the Internet and then executed in a web browser instance implemented on a device platform of the device. The device may, for example, be a PC, laptop, mobile phone or any other suitable device which is capable of connecting to the Internet. Web applications are executed at the device using a web-based technology (e.g. in accordance with the HTML 5 standard). A web browser instance may refer to any separate interface of a web browser with which a user can interact, such as a window, tab or frame of a web browser or to instances of different web browsers from different vendors such as Microsoft Internet Explorer and Mozilla Firefox.
A service provider can provide a service for a user of a device by providing a service provider client application for execution on the device. The service provider client application includes web components (e.g. a web application) which execute in a web browser instance at the device, both as pure web components (e.g. implemented as HTML, Javascript and CSS artifacts dynamically downloaded from a web server), and includes installed (native) components deployed at the device in the form of browser plugins and other installed software that augments the pure web components of the service provider client application.
Similarly, a partner web application from another entity may be provided for execution in a web browser instance on the same device, wherein the partner web application may comprise web components with or without native enhancements. The other entity from which the partner web application is provided may be a partner of the service provider and may be trusted by the service provider, in which case it may be useful for the service provider web application to be able to communicate with the partner web application on the device. However, in other situations, the other entity from which a partner web application is provided might not be trusted by the service provider, in which case it might be useful to prevent communication between the service provider web application and the partner web application on the device.
A “mash-up” occurs when the service provider web components and the partner web components exchange signaling at the device thereby conveying some useful data between the service provider web application and the partner web application. Mash-ups can be particularly beneficial since they provide the user of the device with a combination of information that may be absent in both the service provider web application and the partner web application if they were to execute separately. Particular benefit in mash-ups manifests itself when web applications are combined in creative ways. In order to implement mash-ups (and thereby achieve the benefits associated therewith), cross-provider signaling is a necessary facility that enables communication between web applications executing simultaneously on the device. It is therefore beneficial to be able to allow the service provider web application to conduct secure client-side (i.e. implemented at the device) signaling with a partner web application.