Free WebSocket Security Whitepaper

Under Collaterals on the Kaazing site there are several great white papers that are  worth a look. The one I’d call out today is the Security white paper.

There’s a lot of fud out there around WebSocket security that can only be tackled by learning about those concerns and how they can be addressed. Here are a few snippets from our Delivering Security Over Native Full-duplex Web Connections paper with this very objective in mind:

Security within the WebSocket standard is simple and certain, as long as the WebSocket solution you use implements it, since it’s not enabled by default. The WebSocket standard takes care of core security by providing for unencrypted and encrypted transport, and by defining WebSocket as a frame within which all existing security protocols can operate. However, because WebSocket is a standard and not a development environment, the inherent security features are somewhat limited.

Often, security features have been limited at a high cost – one that obstructs the creation of robust, full duplex web applications. Developers are often faced with the difficult design and coding challenges, trying to figure out how to work within or around limitations without frustrating their users with awkward and time consuming processes.

The WebSocket standard is sufficient to secure traffic (if its security features are used). It supports whatever security is in place. But securing the flow is only part of the real security challenges you face. That traffic has to be able to seamlessly traverse proxies and firewalls. Issues of authentication delay and obstruct the web experience.

This entry was posted in Kaazing, Uncategorized, WebSocket and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s