Securing Social with OpenSocial and Caja



Our real and online selves are quickly becoming synonymous as we share more and more of ourselves through our online presence. As containers expand the social web with implementations such as OpenSocial, security is quickly becoming a concern. As an open project, Caja meets that demand as a comprehensive tool for securing JavaScript.

This talk will explore the implementation of OpenSocial on the social web and why security considerations need to be integrated when creating open standards for this space.


In an attempt to bring standards to the social web, the OpenSocial standards seek to give developers a “build once – deploy everywhere” methodology for engineering applications. As our real-world and web personalities and personal information merge, the risks of insecure social habits become very clear.

In the rush to create easy-to-develop application environments, many OpenSocial containers have relied on insecure iframes as their security model, which has often led to the hijacking of personal information.

Caja enters as an open security solution. Providing multiple levels of JavaScript security in an open-source package, Caja delivers what was lacking in the social world – security.

This presentation will provide an overview of the Caja security model with OpenSocial standards and explore why security considerations need to be integrated when creating open standards for the social web.

Speaking experience


  • Jonathan LeBlanc

    X.commerce (eBay)


    Jonathan is an Emmy award-winning software engineer and the author of the O’Reilly book “Programming Social Applications.” He specializes in open source initiatives around the implementation of social engagement services. He also works with and promotes emerging technologies to aid in the adoption and utilization of new social development techniques, such as his work on the OpenSocial foundation board. As a software engineer, Jonathan works extensively with social interaction development, engaging in new methods for targeting the social footprint of users to drive the ideal of an open web.