Addressing Security Concerns
Meanwhile, mashups represent a revolution in Web application development, where end users can assemble situational applications within the browser by drag-and-drop assembly of pre-built Web components (widgets and feeds) onto a mashup canvas. However, mashups represent a security challenge due to the risk of potentially malicious third-party components. The alliance has produced OpenAjax Hub 1.1, which provides an industry-standard secure mashup runtime that isolates third-party widgets into security sandboxes and mediates messaging among the widgets with a security manager. OpenAjax Hub 1.1 will be delivered as both an open specification and a commercial-grade open-source reference implementation.
The alliance includes within its OpenAjax Metadata standard the ability to define "mashable widgets," where widgets identify the properties that they share with other widgets and the messages that they can publish and receive from other widgets. To speed industry adoption of its mashup technologies, the alliance has produced both an industry XML format for "mashable widgets" and an open-source mashup application that demonstrates all of its mashup technologies working together, Ferraiolo said. The mashable widget format is upwardly compatible with the OpenAjax widget format used to document widgets within an AJAX library, thereby allowing AJAX widget libraries to be "mashup-ready."
The open-source mashup application provides reusable open-source code for processing the OpenAjax Metadata standard for mashable widgets. The mashup application also demonstrates integration of OpenAjax Hub 1.1 in order to provide a secure mashup runtime. The alliance has also developed an open-source widget repository that supports the OpenSearch standard, OpenAjax Alliance officials said.
"The mashup work at OpenAjax Alliance will help accelerate the time when end-user mashups will become a mainstream part of Web application development," said Stewart Nickolas, chair of the Gadgets Task Force and distinguished engineer at IBM. "The alliance has addressed both the widget interoperability problem facing the industry with its widget standard that is in OpenAjax Metadata and with the open-source mashup runtime in OpenAjax Hub 1.1."
"IBM is thrilled to see the OpenAjax Alliance provide specifications to increase interoperability between industry-supplied widgets and tooling metadata. We are incorporating these specifications into Rational Application Developer," said Karen Hunt, director of Development Tools, IBM Rational Software. "The OpenAjax metadata support in Rational Application Developer will enable support for adding widgets to the palette, allowing the widgets to be in the drag-and-drop WYSIWYG page designer editor. In addition, the latest specification will help ensure that the Dojo Widgets we make available can interoperate with Google Gadgets, Microsoft Gadgets and others."
"Today's announcements from the Alliance illustrate how OpenAjax is evolving from the consumer space into the enterprise by being able to run mashups, widgets and gadgets in AJAX applications," said David Boloker, OpenAjax Alliance Steering Committee chairman and chief technology officer for Emerging Internet Technology, IBM.