The OpenAjax Alliance, a group of companies, open-source projects and organizations dedicated to delivering interoperable AJAX technologies, announces the approval and availability of OpenAjax Hub 2.0 as an industry standard for more secure Web 2.0 mashup applications.
The OpenAjax Alliance,
group of companies, open-source projects and organizations dedicated to
delivering interoperable AJAX technologies, announced on July 27 the
"approval and availability of OpenAjax Hub 2.0 as an industry standard for
more secure Web 2.0 mashup applications," the Alliance said in a news
The OpenAjax Alliance developed OpenAjax Hub 2.0 over the past two years.
"AJAX is Web development
Mashups allow business users to drag and drop 'mashed up' components to create
customized Web applications in minutes," the organization said in the
release. It continued:
The major addition to Hub 2.0 is a
malicious intent. It addresses concerns among IT managers that may have inhibited
adoption of mashup software within companies.
"OpenAjax Hub 2.0 is a major step
forward for the OpenAjax Alliance towards its mission of promoting Ajax
interoperability," says David Boloker, OpenAjax Alliance Steering
Committee chairman and chief technology officer for Emerging Internet
Technology [at] IBM. "In order to realize the potential
for mashups across the industry, there [need] to be standards. Hub 2.0 defines
a key industry standard for how widgets can be isolated into secure containers
and then how widgets can talk to each other through a mediated messaging
Bertrand Le Roy, senior program manager at Microsoft,
was quoted as saying, "The
OpenAjax Hub 2.0 is a unique opportunity for the industry to provide a trusted
solution to the very real problem of secure mashups, bridging applications as
well as libraries such as the Microsoft Ajax Library or jQuery without a
constraint on their design."
To read more about the OpenAjax Alliance, click here.
The Hub 2.0 technology "isolates third-party widgets into secure
sandboxes and mediates messaging among the widgets with a security manager. For
example, suppose a Website includes a third-party calendar widget. That widget
itself might be malicious or might become malicious if its code has
vulnerabilities that allow a site to hijack the widget. Malicious widgets could
transmit hijacked data to a scamming Website or piggyback user credentials to
read and write from company servers," the OpenAjax Alliance said in its
However, it said, "Hub 2.0 prevents attacks by isolating untrusted widgets
from the main application and other widgets, and by preventing access to user
credentials. It protects against widget hijacking due to its features around
careful widget loading and unloading and message integrity." According to
"OpenAjax Hub 2.0 is a
significant technology advancement for enterprise mashups," said Mikael
Orn, director of development for IBM Mashup Center. "Hub 2.0 allows companies to realize
both mashup security and flexibility. With OpenAjax Hub 2.0, users or administrators
can isolate untrusted third-party widgets into secure sandboxes, preventing
information stealing and other malicious acts. The net result is that mashup
users can combine company-internal widgets with third-party widgets without
"JackBe is excited to see the OpenAjax Hub 2.0 mature into a robust
specification and standard that provides an additional approach to [addressing'
the security challenges of mashups in the browser," said Deepak Alur, vice
president of engineering and product management at JackBe. "At JackBe we
are incorporating this technology into Presto, JackBe's enterprise mashup
platform, to enhance our offering and provide even greater security support for
our enterprise customers."
Steve Repetti, CEO and CTO
at RadWeb Technologies, said, "The new OpenAjax Hub 2.0 provides a
comprehensive enterprise-grade solution for secure widget interoperability.
OpenAjax Hub 2.0 is the glue that binds distributed objects and applications
together in a trusted environment."
And Howard Weingram, principal architect at TIBCO Software,
Hub 2.0 a "very important advance for the industry." He added,
"For the first time implementers can securely combine standardized widgets
and components from different sources, including those with very different
trust profiles. TIBCO is shipping Hub 2.0-enabled products today and sees the
Hub as a strategic technology."
According to the statement:
OpenAjax Hub 2.0 was validated in late
2008 during a multi-vendor interoperability event, and then revised in early
2009 to allow straightforward integration with other industry mashup
technologies, particularly OpenSocial technologies. It has now been finalized
and approved for release.
The OpenAjax Alliance also said:
The announcement is part of a broader
set of initiatives at OpenAjax Alliance to accelerate customer success using Ajax. In addition to OpenAjax Hub, the alliance
is working on a companion mashup initiative, OpenAjax Widgets, which defines an
Ajax interoperability standard for Ajax widgets, and is scheduled for approval in
the coming months.