Search This Blog

Tuesday, March 18, 2008

OpenAjax Adds Security, Mobility To Web 2.0 Apps

The OpenAjax Alliance updated its publish/subscribe platform, and
unveiled Mobile Ajax for mobile devices at the AjaxWorld conference in
New York. Ajax (Asynchronous JavaScript and XML) powers most Web 2.0
applications, including mashups, as well as gadgets, which can be
placed on Web pages or social networking sites to show weather, incoming
mail or other highly customized content. But like any other code,
mashups and gadgets are vulnerable to malicious attacks. Ajax-based
content also hasn't penetrated the mobile world much, the alliance said.
The alliance's newly revamped framework, OpenAjax Hub 1.1, extends the
publish/subscribe features and allows incorporation of untrusted mashup
components, known as widgets, from third parties. Using IBM's Smash
technology, untrusted widgets are isolated into IFrames and can only
communicate with the rest of the mashup through a secure, mediated message
bus. Later, the alliance expects to issue standard API for OpenAjax Hub
1.1, along with a commercial-ready open source JavaScript reference
implementation, the group said, in a statement. Mobile Ajax, its other
initiative, is intended to broaden use of Ajax on mobile phones. Many
Ajax-powered mobile applications require integration with the phone's
operating system for physical location or for one-touch dialing, for
example. To address the OS integration requirement, the Mobile Ajax
committee will establish use cases, requirements, and characterize the
requirements of the security effort, with likely follow-on efforts to
pursue industry standards and/or open source. According to the
announcement, "The Ajax industry today has dozens of useful Ajax
libraries and several popular developer tools, but integration of Ajax
libraries into Ajax tools has been a largely library-by-library manual
process for the tool vendors. In addition to its mashup features,
OpenAjax Metadata also defines a comprehensive industry XML standard
for describing Ajax library APIs and UI controls, with the objective
to allow arbitrary Ajax tools to integrate with arbitrary Ajax libraries.
Among the participants on the IDE committee are representatives from
Adobe, Aptana, Dojo, Eclipse, IBM, Microsoft, Sun, TIBCO and Zend."

No comments: