IBM SMashes Web 2.0 Security Risks

By Darryl K. Taft  |  Posted 2008-03-17 Print this article Print

IBM creates a technology designed to make mashups more secure.

With security risks increasing with Web 2.0 technologies such as mashups, IBM is rolling out a new technology known as SMash, short for "secure mashup."

IBM announced SMash March 13 and contributed the technology to the OpenAjax Alliance. Mashups pull information from multiple sources, such as Web sites, enterprise databases or e-mails, to create a unified Web application. Mashups have caught on quickly for business use because they enable nontechnical users to gain insight on complex situations in minutes, and nondevelopers to quickly create "situational" applications. However, as with most Web-based initiatives, security is a concern.

"When we started a lot of this mashup work, the first thing enterprise customers asked was, 'Have you thought about security?' " Rod Smith, IBM fellow and vice president of emerging technology, said in an interview with eWEEK.

With SMash, IBM is trying to reduce the risk. SMash allows information from different sources to talk to each other, but keeps them separate so malicious code can't creep into enterprise systems, Smith said.

"IBM Research did the development in conjunction with some guidance from the OpenAjax security working group," Smith said. "IBM Research did a reference implementation and wrote the code."

Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel