OpenAjax Alliance Delivers Software for More Secure Enterprise Mashups

Aug 31, 2009

The OpenAjax Alliance announced today the approval and availability of OpenAjax Hub 2.0 as an industry standard for more secure Web 2.0 mashup applications. Advances in security in Hub 2.0 can help protect enterprise mashups from malicious intent, giving IT staff greater confidence in adding these features to their Web sites.

OpenAjax Hub 2.0 was developed over the past two years at OpenAjax Alliance, an organization dedicated to the adoption of open and interoperable Ajax technologies. Ajax is Web development technology based on HTML and JavaScript that runs mashups, widgets and gadgets. Mashups allow business users to drag and drop "mashed up" components to create customized Web applications in minutes.

The major addition to Hub 2.0 is a JavaScript Library for Secure Enterprise Mashups created to better protect widgets and mashups from hackers and malicious intent. It addresses concerns among IT managers that may have inhibited adoption of mashup software within companies.

"OpenAjax Hub 2.0 is a major step forward for the OpenAjax Alliance towards its mission of promoting Ajax interoperability," says David Boloker, OpenAjax Alliance Steering Committee chairman and chief technology officer for Emerging , IBM. "In order to realize the potential for mashups across the industry, there needs to be standards. Hub 2.0 defines a key industry standard for how widgets can be isolated into secure containers and then how widgets can talk to each other through a mediated messaging bus."

Hub 2.0 isolates third-party widgets into secure sandboxes and mediates messaging among the widgets with a security manager. For example, suppose a Web site includes a third-party calendar widget. That widget itself might be malicious or might become malicious if its code has vulnerabilities that allow a site to hijack the widget. Malicious widgets could transmit hijacked data to a scamming web site or piggyback user credentials to read and write from company servers.

Hub 2.0 prevents attacks by isolating untrusted widgets from the main application and other widgets, and by preventing access to user credentials. It protects against widget hijacking due to its features around careful widget loading and unloading and message integrity.

An Overview of OpenAjax Hub 2.0

Hub 2.0 consists of two main parts, a specification and an open source implementation.

• The Hub 2.0 Specification has been recently approved by the members of OpenAjax Alliance as an Ajax industry standard. The specification defines standardized JavaScript APIs for secure mashups and will result in cross-vendor interoperability among mashup tools and mashup components.

• The alliance has also developed an open source implementation of the Hub 2.0 specification. The open source implementation is written in browser JavaScript and is compatible with all popular desktop browsers.

This announcement is part of a broader set of initiatives at OpenAjax Alliance to accelerate customer success using Ajax. In addition to OpenAjax Hub, the alliance is working on a companion mashup initiative, OpenAjax Widgets, which defines an Ajax interoperability standard for Ajax widgets, and is scheduled for approval in the coming months.

OpenAjax Hub 2.0 was validated in late 2008 during a multi-vendor interoperability event, and then revised in early 2009 to allow straightforward integration with other industry mashup technologies, particularly OpenSocial technologies. It has now been finalized and approved for release.

Hub 2.0 also includes a comprehensive test suite and provides an extensibility architecture that allows software vendors and enterprise customers to customize and extend to meet particular needs. The specification and open source have been designed with enterprise performance requirements in mind. The Hub 2.0 technology includes a fast-performance option for trusted widgets (e.g., widgets developed by the company's own IT department) which allows internal company mashups at scale. The security features in Hub 2.0 build from the Secure Mashup (SMash) open source contribution from IBM Research to OpenAjax Alliance that was announced in 2008.

To help vendors deploy Hub 2.0, the alliance has written two white papers:

• "Introducing OpenAjax Hub 2.0 and Secure Mashups" www.openajax.org/whitepapers/I… Secure%20Mashups.php
• "OpenAjax Hub 2.0 and Mashup Assembly Applications" www.openajax.org/whitepapers/O… y%20Applications.php
The alliance also has developed an open source mashup assembly application that showcases how to create a browser-based mashup application that uses OpenAjax Hub 2.0 and OpenAjax as the key technologies within the application.

The OpenAjax Alliance is an organization of vendors, projects and companies using Ajax that are dedicated to the successful adoption of open and interoperable Ajax-based Web technologies. OpenAjax members include more than 100 organizations including Adobe, the Eclipse Foundation, Google, IBM and Microsoft working towards the mutual goal of accelerating customer success with Ajax. To learn more about OpenAjax Alliance, please visit, www.openajax.org .

Source: IBM

Explore further: Where's the app for an earthquake warning?

add to favorites email to friend print save as pdf

Related Stories

IBM Cracks Web 2.0 Security Concerns With 'SMash'

Mar 13, 2008

IBM today announced new technology to secure "mashups," web applications that pull information from multiple sources, such as Web sites, enterprise databases or emails, to create one unified view. Mashups are attractive for ...

IBM Advances Web 2.0 Platform for Business

Jan 23, 2008

Today at Lotusphere, IBM unveiled a range of Web 2.0 and collaboration tools to enable enterprise mashups and social software, and help clients improve agility and speed decision-making for an increasingly virtual, global ...

Web sites get cool with Ajax or die

Jun 15, 2006

By this time next year, Web sites not developed using the Ajax technique "will simply not be cool enough to use," an Internet analyst said Tuesday.

Intel and Yahoo! to Bring the Internet to Television

Aug 20, 2008

Intel Corporation and Yahoo! Inc. today previewed plans for the Widget Channel, a television (TV) application framework optimized for TV and related consumer electronics (CE) devices that use the Intel Architecture. The Widget ...

Recommended for you

Where's the app for an earthquake warning?

6 hours ago

Among the many things the Bay Area learned from the recent shaker near Napa is that the University of California, Berkeley's earthquake warning system does indeed work for the handful of people who receive its messages, but ...

Hit 'Just Dance' game goes mobile Sept. 25

Sep 18, 2014

Smartphone lovers will get to show off moves almost anywhere with the Sept. 25 release of a free "Just Dance Now" game tuned for mobile Internet lifestyles.

Indie game developers sprouting at Tokyo Game Show

Sep 18, 2014

Nestled among the industry giants at the Tokyo Game Show Thursday are a growing number of small and independent games developers from Asia and Europe, all hoping they are sitting on the next Minecraft.

Review: Ambitious 'Destiny' lacks imagination

Sep 18, 2014

Midway through "Destiny," the new science fiction epic from "Halo" creators Bungie, a smug prince is musing on the hero's desire to visit a mysterious site on Mars.

User comments : 0