Alejandro Russo, visiting associate professor at Stanford, says the Confinement with Origin Web Labels (COWL) project will bring label-based mandatory access control to browsing in a way that is fully backward-compatible with legacy Web content. COWL enables both the secure inclusion of untrusted scripts in applications and the building of mashups that combine sensitive information from multiple sources, he says.
In effect, Russo says COWL allows developers to finally apply governance polices directly to code. Rather than trying to apply those polices on static data, COWL enables developers to apply policies hand in glove at the time code is executing in a way that doesn’t wind up compromising Web application performance. The result is not only better protection of end-user data, but also a more secure Web, says Russo.
Developers have long wrestled with the desire to have as much flexibility as possible in terms of mashing up data and the need to secure that data, he says. Maintaining flexibility has led to massive amounts of innovation. But at the same time, concerns about privacy and security are starting to undermine end-user confidence in Web applications.
COWL works with Mozilla’s Firefox and the open source version of Google’s Chrome Web browsers. It may take awhile for COWL to be universally adopted. But with support from Google and Mozilla, it would appear that COWL is being seriously considered as a mechanism to secure data and content regardless of how they are being accessed.
Of course, other providers of browsers would have to accept COWL to make it broadly applicable across the Web. But that fact that vendors are collaborating with academia to finally address privacy and security issues would suggest some progress is being made.