AJAX alliance to secure mash-ups
Developers spoke about hubs.
By Paul Krill, InfoWorld | Published: 03:08, 25 September 2007
The OpenAjax Alliance has put forth an aggressive roadmap for securing and interoperating AJAX tools and mash-ups.
Speaking at the AJAXWorld conference in California, Jon Ferraiolo, OpenAjax operations manager and an IBM web architect, detailed the upcoming release of the OpenAjax Hub 1.0 and the follow-up 1.1 release. Ferraiolo also discussed the OpenAjax Registry and IDE accommodations for AJAX.
With the hub, the alliance aims to iron out interoperability issues between AJAX tool-kits.
"Sometimes, they actually prevent each other from working. They step on each other," Ferraiolo said.
Developers can use the hub to integrate multiple tool-kits within the same web page while tool-kit developers can use it to allow tool-kits to talk to other tool-kits. While the 1.0 hub is useful in mash-up scenarios where all components come from a trusted source, version 1.1 adds a security layer for untrusted components to protect from any components that might be malicious.
The 1.0 version of the hub, to include AJAX library registration and a publish-and-subscribe engine, is due by the end of this year. Version 1.1 is planned for approval next year, although a full implementation is slated to be ready by the end of 2007.
"One of the key features [in version 1.1] is secure mash-ups," said Ferraiolo. "It's very much a security-focused enhancement providing a secure mash-up framework," he said.
IBM-contributed technology called SMash, for Secure Mashups, is being included in version 1.1. It provides for secure handling of third-party mash-up components.
Also in the security arena, the alliance has formed an AJAX Security Task Force
Version 1.1 also is slated to include publishing and subscribing across frames as well as publish-and-subscribe between clients and servers. Also featured is support for the Comet programming technique to push data from the server to client. Server push is desirable particularly in mash-ups and portals, according to the alliance.
The hub was called "absolutely essential" by attendee and author Dave Mosby. "It provides mechanisms for us to bridge between different components so that they can begin to talk to each other," Mosby said.
OpenAjax is holding an event this week called OpenAjax InteropFest, in which companies like Microsoft are testing their AJAX tool-kits for conformance with OpenAjax. Microsoft, with its Microsoft AJAX Library, has passed the conformance test, according to Microsoft.
"Mobile devices are getting AJAX," said Ferraiolo.
An AJAX management task force, meanwhile, is being launched to make sure AJAX applications perform on a consistent basis. Another task force to be formed will focus on searchability to optimise the ability for search engines to find AJAX applications.
Proposals from Microsoft, Adobe Systems, and Aptana have been submitted for consideration by the IDE working group.
OpenAjax Alliance features members like IBM and Microsoft.