Code, Data Kept Separate

By Darryl K. Taft  |  Posted 2008-03-17


In a mashup scenario, SMash addresses a key part of the browser mashup security issue by keeping code and data from each of the sources separated, while allowing controlled sharing of the data through a secure communication channel. IBM plans to include SMash technology in some of its WebSphere products as well as its commercial mashup maker, Lotus Mashups, which is expected to ship this summer. IBM Lotus Mashups is IBM's first commercial mashup maker for business and will allow nontechnical users to create and share mashups in a secure way. 

Performance evaluations have shown that SMash can be used in common enterprise mashup applications, IBM officials said.

However, Alex Russell, co-creator of the Dojo Toolkit and a member of the OpenAjax Alliance Security Task Force, said there are concerns about SMash, including the data transmission rates that can be reached and forward compatibility with emerging standards.

Russell said SMash is important and is a generalization of Microsoft's Subspaces research and previous work that James Burke had done in Dojo and that Joseph Smarr had done inside of Plaxo. "And, as such, it provides some good properties for cooperating domains to share constrained sets of data inside a browser environment [i.e., without server proxies]," Russell said.

However, he said that "nothing is a clear 'winner,' nor is there a single API which wraps it all up and makes it easy to integrate and publish/advertise services for. My personal suspicion is that this will take longer than proponents expect for things to sort themselves out. I'm thinking at least 18 months."

In related news, in February, IBM's X-Force Security Team released the findings of a report detailing a rise in the sophistication of attacks by cyber-criminals on Web browsers worldwide. According to the study, by attacking computer users' browsers, cyber-criminals are able to steal their identities and control the computers without their knowledge.



Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.
