The OpenAjax Alliance, a group of companies, open-source projects and organizations dedicated to delivering interoperable AJAX technologies, announces the approval and availability of OpenAjax Hub 2.0 as an industry standard for more secure Web 2.0 mashup applications.
The OpenAjax Alliance, a
group of companies, open-source projects and organizations dedicated to
delivering interoperable AJAX technologies, announced on July 27 the
"approval and availability of OpenAjax Hub 2.0 as an industry standard for
more secure Web 2.0 mashup applications," the Alliance said in a news
release.
The OpenAjax Alliance developed OpenAjax Hub 2.0 over the past two years.
"AJAX is Web development
technology based on HTML and JavaScript that runs mashups, widgets and gadgets.
Mashups allow business users to drag and drop 'mashed up' components to create
customized Web applications in minutes," the organization said in the
release. It continued:
The major addition to Hub 2.0 is a
JavaScript Library for Secure Enterprise Mashups created to better protect widgets and mashups from hackers and
malicious intent. It addresses concerns among IT managers that may have inhibited
adoption of mashup software within companies.
"OpenAjax Hub 2.0 is a major step
forward for the OpenAjax Alliance towards its mission of promoting Ajax
interoperability," says David Boloker, OpenAjax Alliance Steering
Committee chairman and chief technology officer for Emerging Internet
Technology [at] IBM. "In order to realize the potential
for mashups across the industry, there [need] to be standards. Hub 2.0 defines
a key industry standard for how widgets can be isolated into secure containers
and then how widgets can talk to each other through a mediated messaging
bus."
Bertrand Le Roy, senior program manager at Microsoft, was quoted as saying, "The
OpenAjax Hub 2.0 is a unique opportunity for the industry to provide a trusted
solution to the very real problem of secure mashups, bridging applications as
well as libraries such as the Microsoft Ajax Library or jQuery without a
constraint on their design."
The Hub 2.0 technology "isolates third-party widgets into secure
sandboxes and mediates messaging among the widgets with a security manager. For
example, suppose a Website includes a third-party calendar widget. That widget
itself might be malicious or might become malicious if its code has
vulnerabilities that allow a site to hijack the widget. Malicious widgets could
transmit hijacked data to a scamming Website or piggyback user credentials to
read and write from company servers," the OpenAjax Alliance said in its
statement.
However, it said, "Hub 2.0 prevents attacks by isolating untrusted widgets
from the main application and other widgets, and by preventing access to user
credentials. It protects against widget hijacking due to its features around
careful widget loading and unloading and message integrity." According to
the statement:
"OpenAjax Hub 2.0 is a
significant technology advancement for enterprise mashups," said Mikael
Orn, director of development for IBM Mashup Center. "Hub 2.0 allows companies to realize
both mashup security and flexibility. With OpenAjax Hub 2.0, users or administrators
can isolate untrusted third-party widgets into secure sandboxes, preventing
information stealing and other malicious acts. The net result is that mashup
users can combine company-internal widgets with third-party widgets without
compromising security."
"JackBe is excited to see the OpenAjax Hub 2.0 mature into a robust
specification and standard that provides an additional approach to [addressing]
the security challenges of mashups in the browser," said Deepak Alur, vice
president of engineering and product management at JackBe. "At JackBe we
are incorporating this technology into Presto, JackBe's enterprise mashup
platform, to enhance our offering and provide even greater security support for
our enterprise customers."
Steve Repetti, CEO and CTO
at RadWeb Technologies, said, "The new OpenAjax Hub 2.0 provides a
comprehensive enterprise-grade solution for secure widget interoperability.
OpenAjax Hub 2.0 is the glue that binds distributed objects and applications
together in a trusted environment."
And Howard Weingram, principal architect at TIBCO Software, called OpenAjax
Hub 2.0 a "very important advance for the industry." He added,
"For the first time implementers can securely combine standardized widgets
and components from different sources, including those with very different
trust profiles. TIBCO is shipping Hub 2.0-enabled products today and sees the
Hub as a strategic technology."
According to the statement:
OpenAjax Hub 2.0 was validated in late
2008 during a multi-vendor interoperability event, and then revised in early
2009 to allow straightforward integration with other industry mashup
technologies, particularly OpenSocial technologies. It has now been finalized
and approved for release.
The OpenAjax Alliance also said:
The announcement is part of a broader
set of initiatives at OpenAjax Alliance to accelerate customer success using Ajax. In addition to OpenAjax Hub, the alliance
is working on a companion mashup initiative, OpenAjax Widgets, which defines an
Ajax interoperability standard for Ajax widgets, and is scheduled for approval in
the coming months.