Web 2.0 technology, which treats the web as a platform, has rapidly become popular. In line with this trend, static websites based on the existing client-server model have changed. Through Asynchronous JavaScript and XML (AJAX), OpenAPI, Mashup, and similar technologies, Web 2.0 has delivered advantages such as improved user access, easy provision of services by users, and shared resources, but it has more severe security vulnerabilities than existing web services. Web 2.0 inherits all the security problems of existing web services and is more likely to be attacked than existing web applications because of the way it operates: it adds a wider variety of clients, a variety of access methods, bidirectionality, and asynchronous behavior.
The most severe of the Web 2.0 security problems is the security of Mashup. A Mashup application combines a variety of third-party resources from different domains and uses them as constituent elements of a service, so if any one of those third-party resources is harmful, the entire Mashup service is exposed to a damaging security problem. The technology most widely used for Mashup is AJAX. AJAX relies on XML, JavaScript, and related technologies and therefore has many associated security vulnerabilities. Known attack methods include XML-DoS, XML message injection and manipulation, session hijacking and theft, and the like. Preventing them requires not only authentication, confidentiality, integrity, and non-repudiation of messages, but also filtering of harmful messages based on message contents. Web-related attack traffic uses port 80. An existing firewall does not stop such attacks because it leaves port 80 open. Accordingly, messages have to be filtered by analyzing their contents. Further, since resources from different domains are frequently combined, applying single sign-on (SSO) technology to the users of these resources is urgently needed. It is also necessary to be able to block access from known harmful sites and service requests to harmful sites.
AJAX, the technology most widely used for Mashup, exchanges messages not only in XML form but also in JavaScript Object Notation (JSON) and plain text form. Accordingly, there is a need for a security technology that can be applied to all of these message types.
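A sketch of the content-based filtering described above, applied to XML, JSON and plain-text bodies together with a check against known harmful sites. It is an added example, not part of the original text. The size and depth limits, the blocklist entry `harmful.example`, the choice to refuse DTDs and cap nesting as XML-DoS controls, and the names `filter_message`, `_check_xml` and `_json_depth` are all assumptions.

```python
import json
from urllib.parse import urlsplit
from xml.parsers import expat

MAX_BYTES, MAX_DEPTH = 64 * 1024, 20  # assumed policy limits, not from the page
BLOCKED_HOSTS = {"harmful.example"}  # constructed blocklist entry

class Rejected(Exception):
    """Policy violation; the exception text is the reason."""

def _check_xml(body):
    open_tags = []
    def start(name, _attrs):
        open_tags.append(name)
        if len(open_tags) > MAX_DEPTH:  # abort before parsing the rest
            raise Rejected("nesting too deep")
    def doctype(*_args):  # DTDs carry the entity definitions used for XML-DoS
        raise Rejected("DTD not allowed")
    parser = expat.ParserCreate()
    parser.StartElementHandler, parser.StartDoctypeDeclHandler = start, doctype
    parser.EndElementHandler = lambda _name: open_tags.pop()
    parser.Parse(body, True)

def _json_depth(node):
    if not isinstance(node, (dict, list)):
        return 0
    kids = node.values() if isinstance(node, dict) else node
    return 1 + max(map(_json_depth, kids), default=0)

def filter_message(origin, content_type, body):
    """Return (allowed, reason) for one message body given as bytes."""
    try:
        if (urlsplit(origin).hostname or "").lower() in BLOCKED_HOSTS:
            raise Rejected("blocked origin")
        if len(body) > MAX_BYTES:
            raise Rejected("message too large")
        kind = content_type.split(";")[0].strip().lower()
        if kind in ("application/xml", "text/xml"):
            _check_xml(body)
        elif kind == "application/json":
            if _json_depth(json.loads(body)) > MAX_DEPTH:
                raise Rejected("nesting too deep")
        elif kind == "text/plain":
            body.decode("utf-8")  # plain text must at least be valid UTF-8
        else:
            raise Rejected("unsupported content type")
    except (Rejected, ValueError, RecursionError, expat.ExpatError) as err:
        return False, str(err) if isinstance(err, Rejected) else "malformed message"
    return True, "ok"
```

Content types outside the three forms the text names are refused by default, so a new message format has to be added to the policy before it is let through.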