I know the guys that have developed this technology. For large corporations that want to leverage their applications into multiple channels and form factors - WorkLight makes a lot of sense...
The following information is a summary from their web site.
Development
The WorkLight Solution provides companies with a robust, cost-effective mechanism that delivers ease of development and secure deployment of custom-built applications across a variety of mobile devices, desktop and web interfaces.Using the WorkLight Ajax SDK, developers can quickly develop a custom-built application by employing commonly found web development skills such as JavaScript, CSS and HTML. Once deployed onto the platform, the code will be automatically packaged to generate additional instances, each optimized per the supported environments and designed to deliver optimal user experience.
For example, from a single application design, the system will easily generate a Vista gadget, a Yahoo widget, a Facebook application, an iGoogle gadget, an iPhone and an Android application. While these interfaces are quite different in their technical characteristics, the platform generates the appropriate native code for each environment.
Some client environments have unique capabilities, such as the mini "docked mode" of the Vista Sidebar or the ability to capture photos via an iPhone camera. Leveraging WorkLight's multi-channel approach, applications can be securely extended to utilize such capabilities without compromising their cross-environments portability. For example, the application can display only the current account balance when docked, or leverage the iPhone's camera to scan a bar code.
Today's proliferation of devices, operating systems and development tools would challenge any organization attempting to roll-out a single application across multiple channels. Using the WorkLight Solution, developers can create native applications without any familiarity of the technical aspects of the different environments.
The WorkLight Solution is future-proof. As new channels become popular, WorkLight will automatically provide support for these new services allowing organizations to further extend their reach of customers, partners and employees. Application developers will not have to retro-fit their applications to add support for the new interfaces.
Security
Online and mobile consumer channels are not designed for sensitive and personal information. Typically, these services do not incorporate security mechanisms of any kind, and are not suitable for sensitive data delivery. Syndicating sensitive and proprietary business and enterprise application data in these channels poses many unique security challenges.
The WorkLight Solution addresses these challenges, meets the strictest requirements, and is field-proven at global companies. This includes user authentication and access authorization, secure application provisioning, protection from client vulnerabilities, phishing prevention and protection from many new threats inherent in consumer interfaces. WorkLight-powered applications adhere to existing security policies and regulation and are designed to leverage existing security infrastructure whenever possible.
WorkLight addresses the following critical security aspects:
Authentication – Every connection to the platform via any online channel is encrypted and authenticated. This is typically achieved by integrating with existing enterprise authentication facilities for which WorkLight provides a library of connectors. Single Sign-On (SSO) is facilitated across all channels for transparent user experience. Multiple authentication schemes are supported for widgets, including in-widget, pop-up and redirection to login page. The platform also supports strong multi-factor authentication, and multiple authentication schemes for the same application, e.g. depending on the transaction type.
Secure Provisioning – When using consumer channels, users expect to install and use applications in a familiar way, e.g. adding an iGoogle gadget or bookmarking a Facebook application. The platform includes a secure provisioning server that seamlessly integrates with existing aggregation sites, and facilitates the familiar "add to" experience is a secure manner. For increased security, the platform generates a unique application instance per user, and verifies the association on every access to prevent unsanctioned duplication and distribution.
Attack Mitigation – With the advent of new online channels like widgets and social networks, new attacks become possible and familiar attacks require special consideration. The WorkLight Application Platform addresses all these attacks so that consumer online channels become as secure as well-protected traditional web applications. This includes thwarting impersonation, framing, XSRF, JavaScript Hijacking, SQL Injection and XSS.
Client Protection – Applications syndicated by the platform are consumed via a variety of client runtime environments, such as a browser-based personalized homepage, desktop widgets and the iPhone OS. Those runtime environments expose the application to an additional set of vulnerabilities, such as easy access to JavaScript source code and services shared between multiple widgets on the same page. The platform addresses these vulnerabilities by providing an SDK that ensures isolation of the application code from the host environment and facilitates secure connection with a set of server-side runtime services.
Anti-Phishing – New types of consumer online channels potentially open the door to new phishing schemes, such as widget impersonation. The platform addresses this by extending the SSL trust model to encompass off-portal artefacts. Users are directed to look for the same authentication procedure and visual trust components they are familiar with today.
Access Control – WorkLight's patented technology enables controlled access to data via multiple channels without duplicating existing access control logic or requiring credential caching. WorkLight accomplishes this by integrating identity and role information from user directories and back-end systems. The platform associates this information with retrieved data items and with known user records to efficiently determine whether a user is allowed to access a data item.
Integration
The WorkLight Solution is designed to easily fit in any enterprise environment and channel its inherent services and processes to end users regardless of its level of complexity.The system includes rich capabilities that support an efficient integration with a wide variety of backend systems and security infrastructure components, enabling the productive access and interaction with enterprise applications, middleware products, databases and directories.
Our solution provides XML-based configuration tools and a developer UI that facilitate sophisticated mashups incorporating multiple information sources using server-side JavaScript and automatic Ajax client-side code generation.
WorkLight integration is based on pluggable adapters, configured via XML.
Adapters can be both synchronous and asynchronous, and can support both retrieval of data and transaction issuance. Further customization of adapters is possible using server-side JavaScript. If needed, the platform can be extended with additional adapters using an adapter development SDK. Some of the standard adapters that are provided with the system include Web Services, XML/HTTP, SQL, LDAP, SAP, MS SharePoint, JMS, RSS and IBM MQ.
Scalability
Enabling transactional capabilities to end-users by allowing access to backend systems via multiple channels can deliver real business value to existing customers as well as attract those interested in such innovative offerings. But companies planning on doing so must be prepared to support high volumes of transactions at extremely high frequency. This situation typically occurs due to the "always-on" nature of mobile, desktop and web applications which enables users to constantly access current and relevant information.The large number of requests generated by Ajax clients and RSS polling coupled with increased user-base and the variety of access channels can result in higher processing loads and resource consumption of backend systems, a situation that can lead to overall performance degradation.
The WorkLight Solution addresses these issues, scaling to support millions of users and multiple applications while maintaining predetermined performance and load levels. This is achieved by decoupling back-end information retrieval from actual client serving and utilizing a flexible cache scheme.
Configurable policies define maximum load permitted on back-end systems, possibly varying by day and time, concurrency limits, expiration of cached items, and granularity of data retrieval.
