The SAML XML.org web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Mykonos Delivers Secure Web Applications With Zero Footprint

Mykonos Software announced today the general availability of a new version of Mykonos and a major update to their innovative platform for building and deploying secure, Rich Internet Applications (RIA). Mykonos v1.2 contains significant new enhancements that help extend enterprise security measures to the AJAX client.

"CIOs and CSOs have been forced to settle for building Web applications that need client-side plug-ins to run and lack enterprise security," said David Koretz, President. "Rather than trying to bolt on security as an afterthought, Mykonos operates at the code layer, addressing the 70% of security issues that exist at the application tier."

Mykonos 1.2 addresses the gap between server-side authorization, access control, and logging solutions, and a full client-side presentation layer that rarely refreshes a Web page.

Developers can apply access control rules from existing Web Access Management solutions directly to the Mykonos presentation layer. They can apply additive user, group, and role-based permissions to entire applications, individual tabs, and even specific interface components. By applying access rules to the presentation tier, developers can deliver the same application to different groups with different privileges. They can also ensure that users never see options and objects for which they do not have data access.

Mykonos 1.2 supports single sign-on integration with SAML v2-based identity providers such as OpenSSO. Mykonos ties SSO seamlessly into the client-side application experience: users aren't redirected outside of the application to log in, and when their sessions time out they can log in again without losing application state.

Mykonos 1.2 provides an application logging service that goes beyond server-side logging to include client-side activity that occurs between page refreshes. The service logs general client activity, as well as specific security events.

Mykonos provides 128-bit AES encryption as an alternative to SSL. Developers can apply AES encryption to some or all requests and responses without being constrained by cross domain scripting restrictions or data size limits.

Several exploits, including clickjacking, rely on the ability to load an application inside an iframe element, often in an attempt to get users to click on concealed links. Mykonos 1.2 applications always own the top-level frame, and automatically break out of any parent frames that are not authorized. Developers can maintain a whitelist of trusted parent frame URLs in the application's XML configuration.

Mykonos 1.2 also includes significant enhancements that make it easier to build, configure, and deploy services in a multi-tenant environment, as well as several performance optimizations of its core server.

"Mykonos 1.0 was about getting the framework right -- cross browser support, a robust component library, a Visual Builder -- and shutting down the biggest threats, namely man-in-the-middle and XSS attacks," said Al Huizenga, Product Manager. "The newest release of Mykonos delivers the first hardened AJAX security layer." 
