There is known a mashup service provider that provides a service called “mashup.” A mashup service provider incorporates pieces of data specified by a user and provided by different servers into one web page and provides the web page to a client terminal. For example, a mashup service provider previously receives the specification of weather data provided by a server A and the specification of stock price data provided by a server B from a user. Upon receipt of a page retrieval request from the user, the mashup service provider provides a web page including weather data and stock price data to the user. Such a mashup service provider is capable of providing a web page customized for each user.
For example, a user may want to retrieve a web page including data provided by a server on an intranet of a company and data provided by an external server. For example, a user may want to retrieve a web page including a business travel expense application screen provided by a server on an intranet of a company and a route information screen provided by an external server.
However, the server on the intranet of the company is shut off from the outside by a firewall. Therefore, an external, ordinary server cannot access the server on the intranet. As a result, a mashup service provider cannot provide a web page including data provided by the intra-company server and data provided by an external server.
Also, due to the cross-domain problem, a browser is configured so that pieces of data retrieved from multiple servers cannot be displayed in one screen. Therefore, a client cannot create a screen where data retrieved from an external server and data provided by an intra-company server are combined.
Japanese Unexamined Patent Application Publication No. 2007-334842 describes a method by which a client retrieves information about a different domain by creating a script dynamically. However, as for the method described therein, a server returns data in response to not only an access for a mashup purpose but also any type of access from a client. Therefore, this method may be vulnerable in terms of security.