Preventing malicious portlets from communicating and intercepting in collaboration portals

In a “networked enterprise”, distributed teams of partner organizations, humans, computer applications, autonomous robots, and devices are interlinked to collaborate with each other in order to achieve higher productivity and to perform joint projects or produce joint products that would have been impossible to develop without the contributions of multiple collaborators. Within a collaboration, security aspects are of critical importance. This is in particular true for loosely coupled collaborations in which individual members of one alliance are working with each other within a certain project only, but may be competitors in other market fields at the same time. Going beyond the current state of the art in portal-based collaboration platforms, this paper presents an approach to prevent unintended information disclosure by malicious portlet instances. The solution is built on open standards (JSR 286 and XACML) and may be incorporated in collaboration-wide enterprise portals in order to regulate information flow during inter-portlet communication.