The transfer of web 2.0 ideas to business-to-business applications, variously called enterprise 2.0 or enterprise web 2.0, is currently taking place with rich web applications (RWA) – browser-based rich internet applications – many of which use Ajax.
The root of the security problem in RWA is the browser. The original browser was created to display World Wide Web pages containing hyperlinked documents. Today, however, browsers are being pushed to their limits by RWA, and the security analysis done in those early days of the web did not envisage today’s advances, such as running an asynchronous channel in parallel with the standard HTTP request/response channel.
Source: OpinionWire by Butler Group (www.butlergroup.com)